JP2000305834A - Data access control device - Google Patents

Abstract

[PROBLEMS] To provide a data access control device and a data access control method for efficiently executing control for an access request to a database. A hierarchical data menu to be displayed to a user making an access request to a database is set in association with a user ID unique to the user. On the basis of the user identifier included in the access request, a user master table is searched, a menu identifier set corresponding to the user identifier is retrieved, and a data file having the same menu identifier is selected from the menu master table to select a hierarchical data menu. Is generated and output to the terminal device as a display menu.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] The present invention relates to a data access control device and a data access control method. More specifically, in a configuration in which a database has a plurality of data files and a plurality of users access the data files in the database, the access right of each user is controlled to clearly define the range of the access right for each user. The present invention relates to a data access control device and a data access control method capable of more reliably protecting confidential information.

[0002]

2. Description of the Related Art In general, in a data processing system that handles various data, a configuration in which a user restricts access to data stored in a database for reasons such as confidentiality of specific data, restriction of writing, and modification of data. Have been. In the field of accounting, many accounting systems using computers have been developed, and various accounting processes are executed by programs based on various types of accounting data input via a user interface.
Storing input data or processing data in a database, generating various accounting documents such as slips, invoices, financial statements,
A system that automates output is used.

[0003] For example, the head office of a company by a network,
Network-type accounting systems that connect branches and connect a large number of user terminals and allow data input and output at each connection terminal are also rapidly spreading. In such an accounting system, a plurality of users are connected to each user terminal. , Input the accounting data, accumulate the input data in the database, execute the accounting processing of the accumulated data by a predetermined processing program, and create various accounting data such as a profit and loss statement, a balance trial balance, a cash flow chart, and the like.

In such a network type accounting system, various users access the database to input accounting data such as transfer slips, deposit slips, and withdrawal slips, and to perform various inquiry processes such as balance inquiry. Execute the process. The input data is subjected to journal processing and the like in accordance with predetermined accounting rules, and various form data such as a journal diary, a general ledger, a balance trial balance, and a profit and loss statement are generated. For example, the payment processing based on the sales generated daily in various departments, the payment processing based on the expenditure of expenses, the transfer processing based on the payment of salary, etc. are sequentially input from the user terminals of the respective departments connected to the network, and the data processing means The processing of the input data is executed in accordance with a preset program to generate various book data. Further, it performs accounting closing processing and settlement processing for each predetermined accounting period, such as every month or every year, and outputs various forms, tabulation tables, and the like.

[0005] These accounting data are stored in a database, but if all users connected to the network are allowed to access, write, and correct all data files in the database, the data protection is incomplete. become. Further, in accounting processing data, there are many data that should be kept confidential to general users, for example, information specific to a head office or a branch of a company or management data of an accounting department. A configuration that prohibits or restricts the access of the user is required.

[0006]

In a conventional data processing system, for example, a user ID or a user password, which is a user identifier, is used as a configuration for restricting security, writing, and modification of specific data, that is, restricting access. Recognize and create a table in which these IDs or passwords are associated with individual data files of a plurality of data files stored in the database, and refer to this table to obtain data requested by the user for access. A configuration in which access to a file is permitted or prohibited has been generally adopted.

However, in the above-described configuration, when the user attempts to access one file, one
A file designating signal for designating one data file is transmitted, and this file designating signal is received by, for example, a database management server, and a table in which the user ID is associated with the designated file is searched. It is necessary to execute a process of transmitting an access approval / denial response to the user terminal for permitting access if there is a response and denying access if there is no response for each specified file.

When the user makes a file request continuously, it is necessary to repeatedly execute a process of designating a new file and obtaining a response of access permission / denial from the database management server. As described above, when a user accesses a database which is constituted by a plurality of files and has an access restriction to a different file continuously, a signal transmission / reception between the user and the database for acknowledgment of access is frequently performed. As a result, the processing becomes complicated and the processing time is delayed.

A data access control device and a data access control method according to the present invention solve the above-mentioned problems. In response to an access request from a user to a database storing a plurality of data files, each user accesses the database. The possible range is presented to the user in a lump, allowing each user to list his or her own accessible data files, and omitting the inquiry process of permitting and disallowing access between the user and the database server. The purpose is to do.

Further, the data access control device and the data access control method of the present invention provide a hierarchical data file configuration to a user in response to an access request from the user to a database storing a plurality of data files. , Even if the user has no knowledge of the data file structure in the database,
An object of the present invention is to easily understand a data file configuration and to achieve easy file use.

Further, the data access control device and the data access control method of the present invention do not indicate the existence of the confidential data file in the database as well as the file name to a user without access right. It is an object of the invention to enhance the protection of confidentiality by adopting a configuration.

[0012]

In order to achieve the above-mentioned object, a data access control device according to the present invention comprises: a database means for storing a plurality of data files constituting a hierarchical structure; and an access to the data files in the database means. A data access control device having at least one terminal device for performing an access request for accessing a data file from the terminal device, wherein the access control device includes a user device included in the access request from the terminal device. Based on the identification information, a hierarchically structured data menu composed of file identifiers of at least some of the plurality of data files stored in the database is output as a display menu to the terminal device that has issued the access request. It is characterized by the following.

Further, the data access control device of the present invention stores a user master table storing user information for each user, and data file specific information corresponding to each of a plurality of data files stored in the database. A menu master table, and the user master table has a user identifier unique to the user;
A menu identifier that uniquely defines a hierarchically structured data menu constituted by file identifiers of at least some of the plurality of data files is set, and a menu corresponding to each of the data files is set in the menu master table. The access control means has a configuration in which the identifiers are set in association with each other, and the access control means extracts the corresponding user identifier from the user master table based on the user identifier included in the access request from the terminal device, and Menu identifier that is set in accordance with the user identifier, and selects a data file having a menu identifier corresponding to the identified menu identifier from the menu master table, and issues an access request using the hierarchically structured data menu as a display menu. Output to the terminal device And having a formation.

Further, in the data access control device of the present invention, the user master table has a processing authority setting field for a data file for each user, and the menu master table has an activation authority setting field corresponding to each data file. Wherein the access control means controls the activation of the data file based on the setting value of the processing authority setting field of the user master table and the setting value of the activation authority setting field of the menu master table. And

Further, the data access control device of the present invention constitutes an accounting system in which a plurality of input terminals are connected by a network, a database stores a plurality of accounting data files relating to accounting, and a menu master table has a plurality of menu master tables. Is a table storing unique information for each of the accounting data files.

Further, in the data access control device according to the present invention, the data access control device includes a user master table storing user information for each user and a data file identifier of a plurality of data files stored in a database. And a hierarchical data menu table storing a hierarchical data menu of
In the user master table, a user identifier unique to the user and a menu identifier that uniquely determines a hierarchically structured data menu constituted by file identifiers of at least some of the plurality of data files are set. The menu table has a configuration in which a hierarchically structured data menu associated with a menu identifier is registered, and the access control means, based on a user identifier included in an access request from the terminal device,
A corresponding user identifier is extracted from the user master table, a menu identifier set corresponding to the extracted user identifier is identified, and a hierarchically structured data menu having a menu identifier corresponding to the identified menu identifier is hierarchized. It is characterized in that it has a configuration in which it is selected from the structure data menu table and output as a display menu to the terminal device which has made an access request.

Further, the data access control method of the present invention is a data access control method for controlling, by an access control means, an access request from a terminal device to a plurality of data files constituting a hierarchical structure stored in a database. The control means determines user identification information included in the access request from the terminal device,
A hierarchical data menu composed of file identifiers of at least some of the plurality of data files stored in the database based on the determined user identification information is output to the terminal device as a display menu. .

Further, in the data access control method of the present invention, the access control means extracts a corresponding user identifier from a user master table based on the user identifier included in the access request from the terminal device, and extracts the extracted user identifier. Identify a menu identifier set in the user master table corresponding to the user identifier, select a data file having a menu identifier corresponding to the identified menu identifier from the menu master table, and configure the selected data file. The hierarchical data menu is output to the terminal device as a display menu.

[0019]

FIG. 1 is a block diagram showing a system configuration of a data access control device according to the present invention. A plurality of user terminals 11, 12, and 13 are connected to the access management server 30 via the network 20, and the access management server 3
0 corresponds to an information file database 50 storing data having a plurality of data files as constituent elements, a user master database 51 storing individual user information, and each data file of a plurality of data files included in the information file database 50. It is configured to be able to access each of the menu master database 52 that stores the menu information related to the unique information and the hierarchical structure information of the data file.

FIG. 2 shows an example of a system configuration in which the data access control device and the data access control method of the present invention are applied as an accounting processing system. The example shown in FIG. 2 is a network-type accounting system in which input / output devices 101, 102, and 103, an application server 104, and a database server 105 are connected via a network 106.

The data access control device and data access control method of the present invention are applicable not only to an accounting system but also to various database systems. Basically, it is applicable as long as it has a database configuration accessible to a plurality of users connected by the network shown in FIG. 1, and various data access such as a document management database, a personnel information management database, etc. Applicable in control devices. Below,
As a specific embodiment of the data access control device and the data access control method of the present invention, an example applied to a network type accounting system shown in FIG. 2 will be described.

The user terminals 11, 12, 13 in FIG.
Corresponds to the input / output devices 101, 102, 103 in FIG.
The access management server in FIG. 1 corresponds to the server 1051 in the database server 105 in FIG. 2 or the servers 1041 and 1042 in the application server 104. The information file database 50, the user master database 51, and the menu master database 52 in FIG. FIG.
Of the database 1052.

Hereinafter, the data access control device and the data access control method of the present invention will be described in detail by taking the network type accounting system shown in FIG. 2 as an example. The input / output devices 101, 102, and 103 are user terminal devices that use the accounting processing system, and the user inputs predetermined accounting data. For example, accounting data generated at a business office, department, individual, or the like where each input / output device is arranged, such as input of a payment slip relating to sales, input of a payment slip associated with occurrence of transportation expenses, and the like. I / O device 101, 1
Each of the devices 02 and 103 is a device assigned to a predetermined unit such as a business unit, a department, or a user. Accounting data generated within the assigned range is input. Is done. I / O device 1
01, 102, and 103 are described as representative of the input / output device 103, but have a GUI function, and can output and display various data input screens and data display screens on a display as described later. You can enter accounting data on the screen.

These input / output devices 101, 102, 103
Is connected to an application server 104 and a database server 105 via a network 106.

The application server 104 has servers 1041 and 1042 constituted by, for example, PC servers as hardware, and executes various accounting processes according to application programs in the servers 1041 and 1042. The database server 105 has a server 1051 and a database 1052. Server 10
Reference numeral 51 is constituted by, for example, a UNIX machine or a PC server. The database 1052 has the input / output device 1
Data input at 01, 102, and 103, and data processed at the application server 104 and the database server 105 are stored.
The database 1052 further stores a user master table storing user information and a menu master table storing file information, which will be described in detail later.

In the application server 104 and the database server 105, various accounting processes such as input data processing, that is, journalizing process of each input data, accounting in each accounting book, and posting process to a general ledger are executed. The application server 104 executes mainly the processing according to each application program, and the database server 105 executes the application server 10
4 is performed mainly on batch processing of processing data, for example, batch processing of data on a daily basis.

In order for the user of each of the input / output devices 101, 102, and 103 to access the data file stored in the database 1052, the user inputs a user ID and password unique to the user at the input / output device that performs the access. I do. FIG. 3 shows the login screen. As shown in FIG. 3, the user inputs on the screen a user ID and a setting password previously given to each user.

The input user ID and password are transferred to a server that executes access management via the network 106. In FIG. 2, it is assumed that the server 1051 is a server that executes access management. Server 1
051 is the user ID from the user via the network
And input password is received.

The server 1051 that has received the user ID and the input password from the user executes the user identification based on the user master table shown in FIG. As shown in FIG. 4, the user master table is a table that defines identification information and access authority of each user. Company code, user I
D, use start and end dates, user names, user passwords, and the like are set as input information for individual users. Based on these table information, user input ID
And password matching is performed.

Further, in the user master table shown in FIG. 4, in the items 8 to 11, such as "8. Temporary closing period input available section" and "9. Inquiry, registration, modification possible,
A field for deciding whether or not it is not provided is provided, and a predetermined value is input for each user. Further, the item 12 is provided with a field indicating a menu ID. This menu ID is an ID indicating a hierarchically structured data menu of a plurality of data files accessible to individual users, and will be described in detail later.

FIG. 5 shows an example of data generated according to the user master table. As shown in FIG. 5, data of each item of the user master table is set for each user, and FIG.
Is stored in the database 1052. In the example of the system configuration shown in FIG. 1, the user master table storing the user data is stored in the user master database 51.

In the example of the network type accounting system shown in FIG. 2, the database 1052 further holds a menu master table. FIG. 6 shows the data contents of the menu master table. The menu master table is a table that defines the unique information of each of the plurality of data files held in the database. In the example of the accounting processing system shown in FIG. The file is configured as a table that defines unique information corresponding to each accounting data file.

FIG. 6 is a diagram for explaining the data contents of the menu master table, and FIG. 7 is a diagram showing an example of sample data of the menu master table. FIG. 8 is a diagram showing an example in which a hierarchical data structure of a plurality of data files stored in the database 1052, that is, a hierarchically structured data structure stored in the database 1052 is displayed.

As can be understood from FIG. 6, individual data file information of a plurality of data files stored in the database 1052 is set in the menu master table. For example, unique information corresponding to each data file, such as a company code, a menu ID, and a menu item, is set as an input item. The fields (items) shown in FIG. 6 are representative fields, and various fields other than the fields shown in FIG. 6 are set in the actual table.

The menu master table shown in FIG. 6 will be described with reference to FIGS. As shown in FIG. 8, a plurality of data files stored in the database 1052 have a hierarchical structure. FIG. 8 uses the names of data files stored in the database 1052 as data file identifiers,
2 is a hierarchically structured data menu in which the data file configuration in FIG. In FIG. 8, for example, a file “Balance Inquiry”,
There are five data files of "arrangement input", "consumption tax", "others", and "generation source input". In addition, under the file "Balance Inquiry", the file "Account Ledger Inquiry"
There are three files: “held ledger inquiry” and “journal inquiry”.

Each item of the menu master table is set for each of these data files. FIG. 7 shows an example of sample data of the menu master table. In FIG. 7, similarly to FIG. 6, the items shown in the figure are representative items, and various items are set in the actual table in addition to the items shown in FIG.

As can be understood from FIG. 7, for example, in a data file having a menu display name of “balance inquiry”, a menu ID is “ACM0000”, a menu item is “1100”, a parent item is “1000”, and a menu item is “1000”. “1” is set as the category. Further, “ACM0000” as a menu ID, “1101” as a menu item, “1100” as a parent item, and “2” as a menu category are set in “Balance Ledger Inquiry” which is a lower file of “Balance Inquiry”. . Note that the sample data example in FIG. 7 is simply described and does not describe all the items shown in FIG.

In FIG. 6 and FIG.
"D" is an identifier unique to each data file, and is an identifier uniquely assigned to each of all data files forming the hierarchical structure of the hierarchical structure data menu shown in FIG. The “parent item ID” is the “menu item ID” of the data file that is higher in the hierarchical structure shown in FIG.
It shows. For example, the upper file of the file “Balance Ledger Inquiry” is “Balance Inquiry” and the “Menu Item ID” of “Balance Inquiry” is “1100”, so the “Parent Item ID” of the file “Balance Ledger Inquiry” is “ 1100 "
It is. The “menu category” is used as an identifier for distinguishing between a data file for starting a program as described in FIG. 6 and a submenu that does not need to start a unique program.

The "menu ID" will be described. The menu ID is, for example, an identifier indicating a hierarchical data menu configuration shown in FIG. In FIG. 8, “all rights menu” is described at the top. This indicates that all accessible data in the database is shown as a hierarchical structure. The identifier of the hierarchical structure data structure corresponding to this all-rights menu is, for example, menu ID: ACM00
00.

FIG. 9 shows a hierarchically structured data menu having a different structure from the hierarchically structured data menu shown in FIG. For example, the “source input” file, which is a lower file of the file “general account” shown in FIG. 8, is not shown in FIG. For example, the identifier of the hierarchically structured data menu configuration shown in FIG. 9 is menu ID: ACM0001.

Further, FIG. 10 shows a hierarchical structure data menu configuration different from the hierarchical structure shown in FIGS. For example, FIG. 10 does not show each file of “arrangement input”, “consumption tax”, “others”, and “source generation input” which are lower-level files of the file “general account” shown in FIG. The identifier of the hierarchical data menu configuration shown in FIG. 10 is defined as menu ID: ACM0002. FIG. 11 is the same as the hierarchically structured data menu configuration shown in FIG. 10, and shows the file "employee management" expanded.

Returning to FIG. 7, the correspondence with FIGS. 8 to 10 will be described. In FIG. 7, "ACM0000", "ACM0001", or "ACM0002" is set in the column of the item "menu ID". These indicate which menu file is the data displayed as a hierarchical structure as shown in FIGS. 8 to 10 when each menu file is designated.

As shown in FIGS. 4 and 5, the item “menu ID” is set for each user. That is, the menu ID is uniquely determined based on the user ID of each user. For example, in the sample example of FIG. 5, Mr. Sato of the user ID “ABCAB” has ACM0000 set as the menu ID, and the menu ID “ACM000” in the menu master sample of FIG.
A hierarchical structure data menu composed of data files set to “0” is displayed. This means that FIG.
It is an all-rights menu shown in FIG.

Mr. Sato of the user ID "ABCAB"
By inputting a user ID and a user password using any of the input / output devices 101 to 103 illustrated in FIG. 2 and transmitting the user ID and the user password to the database server 1051, the database server 1051 identifies the user ID and the user password. The user is confirmed using the user master table described in, and the menu ID set in the user master table is determined.

Further, the database server 1051
A data file having the same menu ID as the discriminated menu ID is extracted from the menu master table described with reference to FIGS. 6 and 7 based on the discriminated menu ID, and a hierarchical structure shown in FIGS. Generate a data menu. These hierarchical data menus are generated based on menu display names, parent item data, and the like set in the menu master table.

For example, the hierarchically structured data menu shown in FIGS. 8 to 10 includes a data file name of each data file,
Icons of each data file, upper and lower files,
These hierarchical structure data menus are composed of a connection such as a relation, a "+" sign indicating that a lower file exists in the file, and a "-" sign indicating that no lower file exists in the file. The information for this is basically obtained from the menu master table.

In the above example, the database server 1
051 shows an example in which a data file is selected from the menu master table based on the menu ID and a hierarchical data menu is generated by the selected data file. The menu may be registered in an independent hierarchical structure data menu table. With such a configuration, based on the menu ID transmitted from the user and identified by the user master table, the hierarchical structure data menu corresponding to the identification menu ID is immediately selected from the hierarchical structure data menu table, and It can be displayed on an input / output device. Therefore, it is possible to omit the step of searching the menu master table and generating a hierarchically structured data menu based on the search result.

When the user receives, for example, the hierarchical structure data menu display shown in FIG. 8 in the input / output devices 101 to 103, the user wants to open the displayed hierarchical structure data menu based on the hierarchical structure data menu shown in FIG. The file can be opened by designating the file with a predetermined pointing device such as a mouse click. Writing and deletion of data in each file are further set by input authority, inquiry authority and the like as shown in FIGS. 4 and 5, and processing is controlled according to the set data.

Returning to FIGS. 4 to 6, various authority control structures such as input authority will be described. Fields 8 to 11 of the user master table in FIG. 4 are fields for setting various authorities corresponding to individual users. For example, "9.
As described in the detail column, the “input authority category” is configured to allow or disallow entry on a company-wide, accounting unit, or department basis, and “10. It is configured to set whether or not inquiry can be made for each accounting unit and each department.

The field 7 "activation authority check category" of the menu master table of FIG. 6 sets the activation condition of each data file in accordance with the various authorities set in the fields 8 to 11 of the user master table of FIG. Field. The details are as described in the “details” column of FIG. 6. For example, if “N” is set in the field 7 of the menu master table of FIG. 6, the field “9: NKEKNBN” of the user master table is set. : If the "input authority classification" is blank, this data file will not be started.

For example, "9: NKEKNBN: input authority classification" is set in the menu master table corresponding to each of all data files displayed in the hierarchical structure data menu shown in FIG. The configuration is such that input restriction such as registration, correction, deletion, etc., inquiry restriction, and the like can be performed corresponding to the user.

For example, the user ID “KLMK” shown in FIG.
Mr. Suzuki of "N", "ACM000
"1" is set, and a hierarchically structured data menu composed of data files set with the menu ID "ACM0001" in the menu master sample of FIG. 7 is displayed. This is the menu 001 shown in FIG.

Mr. Tanaka of the user ID "PQRFD" shown in FIG. 5 has "ACM0002" set as the menu ID, and is composed of a data file in which "ACM0002" is set as the menu ID in the menu master sample of FIG. The displayed hierarchical structure data menu is displayed. This is the menu 002 shown in FIG.

A required file is opened from the displayed hierarchical structure data menu, and data inquiry, data input,
When executing data registration, etc., as described above, whether or not processing is permitted is determined based on various authorities such as the input authority of each file set in the user master table and the menu master table, and the user is permitted to perform the operations within the authorized authority. Processing is possible.

As described above, in the data access control device of the present invention, since the menu ID in which the hierarchical data menu to be displayed for each user is set is associated, the user identification based on the user ID and the like is performed. Is executed once, all files accessible to the user can be displayed on the terminal used by the user as a hierarchically structured data menu with a hierarchical structure, and access for each data file can be performed as in a conventional database system. There is no need to execute the permission process, and complicated processes are alleviated, and the processing time can be reduced. In addition, the user can list the data structures available to the user, help the user understand the database configuration, and achieve simplification of data file use. In addition, a confidential data file has a configuration in which not only the file name but also the existence itself in the database is not shown to a user who does not have an access right, so that confidentiality protection can be strengthened.

FIGS. 12 and 13 show setting screens for setting individual user information in the user master table in the data access control device of the present invention. FIG. 12 shows a basic information input screen of each user, and FIG. 13 shows a security information input screen.

In the setting screen shown in FIG. 12, a company name, a user ID, a start of use, an end date, a user name, and a section to which the user belongs are registered as user basic information. As for the password, each user performs communication with the database management server at an appropriate timing, inputs the password together with the user ID, and registers and changes the password.

In the security information input screen shown in FIG.
A menu ID for determining the hierarchical structure of the accessible data file is set, and data input, inquiry, and other rights for the accessible file are set. The data set in FIGS. 12 and 13 is registered in the user master table described in FIGS.

In the system configuration example of the data access control device shown in FIG. 1, the user information set in FIGS. 12 and 13 is registered in the user master database 51. When the access management server 30 receives the user ID and the password set from the user terminals 11 to 13 via the network 20, the data in which the corresponding user ID is registered is extracted from the user master database 51, and the corresponding menu ID is extracted. A menu master table is searched from the menu master database 52 based on the extracted menu ID, a data file having the corresponding menu ID is extracted, a hierarchical data menu is generated, and transmitted to the user terminal that has requested access.

The present invention has been described in detail with reference to the specific embodiments. However, it is obvious that those skilled in the art can modify or substitute the embodiment without departing from the spirit of the present invention. That is, the present invention has been disclosed by way of example, and should not be construed as limiting. In order to determine the gist of the present invention, the claims described at the beginning should be considered.

[0061]

As described above, according to the data access control device and the data access control method of the present invention, the hierarchical data menu to be displayed for each user is made to correspond to the user ID unique to the user. Since the configuration is set, by identifying the user ID, all accessible data ranges can be presented to the user as a hierarchical data menu, so that access approval / denial processing for each file becomes unnecessary, and processing time can be reduced. .

Further, according to the data access control device and the data access control method of the present invention, data files usable by the user can be listed as a hierarchical structure at the start of access, which helps the user to understand the database configuration. Easy to use data files is achieved.
Further, since a data file having confidentiality is configured not to show not only the file name but also the existence itself in the database to a user who does not have access right, the protection of confidentiality can be strengthened.

[Brief description of the drawings]

FIG. 1 is a diagram showing a system configuration example of a data access control device according to the present invention.

FIG. 2 is a diagram showing a configuration in which a data access control device according to the present invention is applied as a network type accounting system.

FIG. 3 is a diagram illustrating an example of a login screen on an input terminal of the network-based accounting processing system in FIG. 2;

FIG. 4 is a diagram illustrating a table configuration of a user master table in the accounting system according to the present invention.

FIG. 5 is a diagram showing a data sample of a user master table in the accounting system according to the present invention.

FIG. 6 is a diagram illustrating a table configuration of a menu master table in the accounting system according to the present invention.

FIG. 7 is a diagram showing a data sample of a menu master table in the accounting system according to the present invention.

FIG. 8 is a diagram showing a display example (part 1) of a hierarchical structure data menu of the accounting system according to the present invention.

FIG. 9 is a diagram showing a display example (part 2) of a hierarchical structure data menu of the accounting system according to the present invention.

FIG. 10 is a diagram showing a display example (3) of a hierarchical structure data menu of the accounting system according to the present invention.

FIG. 11 is a diagram showing a display example (part 4) of a hierarchical structure data menu of the accounting system according to the present invention.

FIG. 12 is a diagram (part 1) showing a data setting screen of a user master table in the accounting system according to the present invention.

FIG. 13 is a diagram (part 2) showing a data setting screen of a user master table in the accounting system according to the present invention.

[Explanation of symbols]

 11, 12, 13 user terminal 20 network 30 access management server 50 information file database 51 user master database 52 menu master database 101, 102, 103 input / output device 104 application server 105 database server 106 network 1041, 1042 server 1051 server 1052 database

────────────────────────────────────────────────── ───

[Procedure amendment]

[Submission date] January 19, 2000 (2000.1.1)
9)

[Procedure amendment 1]

[Document name to be amended] Statement

[Correction target item name] Claims

[Correction method] Change

[Correction contents]

[Claims]

7. The data access control method, wherein the access control means extracts a corresponding user identifier from a user master table based on a user identifier included in an access request from the terminal device. Identifying a menu identifier set in the user master table corresponding to the user identifier, selecting a data file having a menu identifier corresponding to the identified menu identifier from the menu master table, and selecting the selected data Data files containing all of the files
File range for each data file.
And hierarchical structure that can identify the existence of lower-level files
User-accessible hierarchical data menu
Access as a display menu showing the entire range of the data file
7. The data access control method according to claim 6, wherein the data is output to the terminal device that has made the request . ────────────────────────────────────────────────── ───

[Procedure amendment]

[Submission date] April 3, 2000 (200.4.3)

[Procedure amendment 1]

[Document name to be amended] Statement

[Correction target item name] Name of invention

[Correction method] Change

[Correction contents]

[Title of the Invention] Data access control device

[Procedure amendment 2]

[Document name to be amended] Statement

[Correction target item name] Claims

[Correction method] Change

[Correction contents]

[Claims]

[Procedure amendment 3]

[Document name to be amended] Statement

[Correction target item name] 0012

[Correction method] Change

[Correction contents]

[0012]

In order to achieve the above-mentioned object, a data access control device according to the present invention comprises a database means for storing a plurality of data files constituting a hierarchical structure, and a data file in the database means. A data access control device having at least one terminal device for making access to the data file and access control means for performing control relating to an access request to the data file from the terminal device, wherein the database means stores user information for each user A user master table, and a menu master table storing data file specific information corresponding to each data file of the plurality of data files stored in the database, wherein the user master table has a user identifier unique to the user. , The hierarchical structure data A menu identifier that uniquely determines a menu, and a processing authority setting field in which a user-specific input authority and an inquiry authority are set as processing authority for a data file for each user, wherein the menu master table includes, for each of the data files, And a menu identifier which uniquely sets the hierarchically structured data menu, and whether or not the data file can be started for each user based on the setting of the processing authority setting field of the user master table. An authority setting field, wherein the access control means extracts a corresponding user identifier from the user master table based on a user identifier included in an access request from the terminal device, and corresponds to the user identifier. Identifies the set menu identifier and identifies the A data file having a new identifier is selected from the menu master table and output to the terminal device as a display menu, and a processing authority setting field of the user master table is set in accordance with a setting value of an activation authority setting field of the menu master table. Refer to the setting value of
It has a configuration in which the activation of each data file is controlled according to the user based on the setting value of the activation authority setting field of the menu master table and the setting value of the processing authority setting field of the user master table. I do.

[Procedure amendment 4]

[Document name to be amended] Statement

[Correction target item name] 0013

[Correction method] Change

[Correction contents]

Further, in the data access control device according to the present invention, the data access control device constitutes an accounting processing system in which a plurality of input terminals are connected by a network, and the database includes a plurality of accounting data files related to accounting processing. And the menu master table is a table storing unique information for each of the plurality of accounting data files.

[Procedure amendment 5]

[Document name to be amended] Statement

[Correction target item name] 0014

[Correction method] Deleted

[Procedure amendment 6]

[Document name to be amended] Statement

[Correction target item name] 0015

[Correction method] Deleted

[Procedure amendment 7]

[Document name to be amended] Statement

[Correction target item name] 0016

[Correction method] Deleted

[Procedure amendment 8]

[Document name to be amended] Statement

[Correction target item name] 0017

[Correction method] Deleted

[Procedure amendment 9]

[Document name to be amended] Statement

[Correction target item name] 0018

[Correction method] Deleted

Claims (7)

[Claims] The present invention relates to database means for storing a plurality of data files constituting a hierarchical structure, one or more terminal devices for accessing data files in the database means, and an access request for the data files from the terminal devices. An access control unit for performing control, wherein the access control unit is configured to store the plurality of data stored in the database based on user identification information included in an access request from the terminal device. A data access control device having a configuration in which a hierarchically structured data menu composed of file identifiers of at least a part of data files of a file is output as a display menu to a terminal device which has issued an access request. 2. A data access control device comprising: a user master table storing user information for each user; and a menu storing data file specific information corresponding to each of a plurality of data files stored in the database. A master table, wherein the user master table has a user-specific user identifier and a menu for uniquely determining a hierarchically structured data menu constituted by a file identifier of at least a part of the plurality of data files. An identifier is set, and the menu master table has a configuration in which the menu identifier is set in association with each of the data files, and the access control unit performs an access from the terminal device. Based on the user identifier included in the request The extracts a user identifier from the corresponding user master table, corresponding to the extracted user identifier identifying the set menu identifier,
A data file having a menu identifier corresponding to the identified menu identifier is selected from the menu master table, and the hierarchically structured data menu is output as a display menu to a terminal device that has issued an access request. 2. The data access control device according to claim 1, wherein: 3. The user master table has a processing authority setting field for a data file for each user, and the menu master table has an activation authority setting field set corresponding to each of the data files. Wherein the access control means controls the activation of the data file based on the setting value of the processing authority setting field of the user master table and the setting value of the activation authority setting field of the menu master table. The data access control device according to claim 2, wherein 4. The data access control device constitutes an accounting system in which a plurality of input terminals are connected by a network, the database is a database storing a plurality of accounting data files related to accounting, and the menu 4. The data access control device according to claim 2, wherein the master table is a table storing unique information for each of the plurality of accounting data files. 5. A data access control device comprising: a user master table storing user information for each user; and a plurality of hierarchically structured data menus constituted by data file identifiers of a plurality of data files stored in the database. A stored hierarchical structure data menu table, wherein the user master table has a hierarchical data menu composed of a user identifier unique to a user and a file identifier of at least a part of the data files of the plurality of data files. A menu identifier to be uniquely determined is set; and the hierarchical structure data menu table has a configuration in which a hierarchical structure data menu associated with the menu identifier is registered. Included in access requests from Based on over The identifier, said extracts the user identifier corresponding user master table, corresponding to the extracted user identifier to identify the menu identifier set,
A structure wherein a hierarchically structured data menu having a menu identifier corresponding to the identified menu identifier is selected from the hierarchically structured data menu table and output as a display menu to a terminal device which has issued an access request. Item 2. The data access control device according to item 1. 6. A data access control method for controlling, by an access control means, an access request from a terminal device to a plurality of data files constituting a hierarchical structure stored in a database, wherein the access control means comprises: Discriminating user identification information included in the access request, and a hierarchy constituted by file identifiers of at least some of the plurality of data files stored in the database based on the discriminated user identification information. A data access control method, wherein a structure data menu is output to the terminal device as a display menu. 7. The data access control method, wherein the access control means extracts a corresponding user identifier from a user master table based on a user identifier included in an access request from the terminal device. Identifying a menu identifier set in the user master table in accordance with the user identifier, and selecting a data file having a menu identifier corresponding to the identified menu identifier from the menu master table; The data access control method according to claim 6, wherein a hierarchically structured data menu constituted by the above is output to the terminal device as a display menu.