This invention relates generally to techniques and methods for controlling access to data and commands in a graphical user interface system having a collection of different user interface elements. Each user interface element may contain sensitive data or functional characteristic that can only be accessed by authorized users.
A computer program communicates with the user by displaying commands and data on a display screen and accepts inputs from the user in the form of a mouse action, a keyboard press, or a touch screen action. The way each display screen is organized depends on the application. When a computer program contains sensitive data, or can access sensitive data, is used by more than one user, there is a need to limit access to the sensitive information. Information security has been addressed at the operating system, network, and protocol levels in the current art. Almost all computer operating systems provide means to control access to a file or a computer program for running the file; but it is up to the computer program to determine which commands or user interface elements on each display screen is accessible to which user. For example, a point of sale (POS) retail sales computer program is used by one or more cashiers and store managers to manage sales and inventory. The storeowner may allow cashiers to access only the sale prices and to hide all cost and profit information from cashiers; while store managers can have access to all information.
Most computer programs control access to information by limiting access to specific functional menus in the program. For example, Peachtree Office Accounting computer software restricts access, depending on user access level, to specific program areas (modules), which in turn restricts access to those display windows assigned to the restricted program areas. Instead of limiting access to specific user interface elements in each display window, this method disables access to the entire display window. This technique requires the non-restricted user interface elements contained in the restricted display window to be accessed by the user in a duplicate window that now only contains user interface elements that are accessible to the user based on the user's access level. Thus, the software programmer must create a duplicate window for each level of user access, gradually increasing the number of non-restricted user interface elements for every increased level of access. Therefore the current art requires additional programming and operation complexity that results in an increased cost to the user to achieve a secure user interface for multiple users of the same system or program.
Because of the duplicate window or different window method used by the current art, users of the system are required to learn new user interface displays, menus, and elements when they are granted a higher or different level of security access on the program or system. An example of this is when a cashier may be promoted to an assistant management position and subsequently has her security level increased to reflect her new responsibilities. Using the current art technique, the new assistant manager will have to learn a new set of program commands, menu items and window display layouts to perform her new duties. As a result, the new assistant manager has an increased learning curve for her new responsibilities and thus requires more time to become effective in her job and profitable for her employer.
An electronic cash register system has been developed which includes an administration system for enabling access on a clerk-by-clerk basis. In such a system, the clerk who handles the electronic cash register is first identified by the register before initiating the actual registration operation and totaling operation. Each clerk is assigned a unique identification number and inputs that number into the register, where the number has been previously stored, to access the cash register functions. The cash register may be programmed to allow different clerks access to different functions of the register. Such a system is disclosed in U.S. Pat. No. 4,570,223 “CASH REGISTER CONTROL SYSTEM FOR AUTHORIZATION OF SELECTED OPERATOR FUNCTIONS,” issued on Feb. 11, 1986 to Yoshimoto (Osaka, JP). The invention requires a key switch to access the register and to program the register using keyboard combinations to manipulate hardwired circuits and switches contained in the register to control operator functions. It does not address access control of user interface elements in computer programs.
Notwithstanding the known information referred to above, a need still exists to provide an effective method for controlling access to individual user interface elements on each display screen in a computer program. This invention fulfills that need.