In recent years, a large number of pages with a hierarchical structure have been created using World Wide Web technology such as hyperlinks, and such pages have been widely used not only on the Internet but also on intranets. A large website with a large number of pages is built assuming that the website is accessed by multiple users having a variety of attributes. For example, there is a case in which, for appropriate information management within a company, browsable pages are restricted by department, position, job title, or the like. Also, there is a case in which when a database is updated by an operation performed on a page, a determination as to whether to allow for the update may be made according also to attributes of a user.
Examples of techniques for access control can be found, for example, in Japanese Unexamined Patent Publication (Kokai) No. 2005-92891 and Japanese Unexamined Patent Publication (Kokai) No. 2006-48220.
Conventionally, such access control is reflected in the design of software for access control and implemented by the software being operated on a web server or the like. For example, design specifications that “if the attribute of a user is a specific attribute, then the user is allowed to refer to a given page” are implemented by a database in which an attribute is stored for each user, a database in which an attribute of a user to whom access is granted is stored for each page, and a program that determines, based on the attribute stored in the databases, whether to grant or deny access. Thus, to change access control or add an attribute or page, there is a need to change the databases or program.
For example, when a database is in a table format including a plurality of rows provided for each page and a plurality of columns provided for each attribute, a new column needs to be added to the table, in order to add an attribute. A process of adding a column to the table takes a very long time, depending on the type of database or the data size. In order to eliminate the need to change access control, it may be considered to enable setting of sufficient types of attributes in advance; however, it is almost impossible to fully predict future modifications and prepare in advance for attributes.