CN100495397C - Document management system, document management device and document management method - Google Patents

Publication number
CN100495397C
Authority
CN
China
Prior art keywords
document
document management
user
management apparatus
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CNB2006100640501A
Other languages
Chinese (zh)
Other versions
CN101004745A (en
Inventor
山本研策
大瀬户太
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ricoh Co Ltd
Original Assignee
Ricoh Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ricoh Co Ltd filed Critical Ricoh Co Ltd
Publication of CN101004745A publication Critical patent/CN101004745A/en
Application granted granted Critical
Publication of CN100495397C publication Critical patent/CN100495397C/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A document managing system is provided with a plurality of document managing apparatuses each configured to retrieve a document stored in a storage according to a document ID and to judge whether or not an operation with respect to the retrieved document is possible according to a user ID that is generated with respect to each document managing apparatus, and a user ID generating apparatus provided externally to the document managing apparatuses and configured to generate a common user ID that is used in common among each of the document managing apparatuses. Each document managing apparatus has an export and import part configured to export and import data of an arbitrary document and an access control list (ACL).

Description

Document management system, document management device and document management method

Technical field

The present invention relates generally to document management systems, and more particularly to a document management system having a plurality of independent document management apparatuses. The invention also relates to a document management apparatus and to a document management method used by the document management system.

Background art

A document management apparatus, constituted by a server or the like provided on a network, records document management information such as bibliographic information. In addition to the identification (ID) of each document, this document management information includes the user IDs (UIDs) of the creator, readers, editors and so on. The UIDs are used, for example, to manage the rights to access documents.

In a relatively large organization such as a company, there are often multiple independent document management apparatuses.

FIG. 1 is a structural diagram showing an example of a conventional document management system. The document management apparatus 100 shown in FIG. 1 has a UID management section 101 for managing UIDs, a document management section 102 for managing documents, a document database (DB) 103 constituting a storage for storing documents, and an access control list (ACL) table 104 that records access right information related to the access rights of documents. The document management apparatus 200 has a structure similar to that of the document management apparatus 100, and has a UID management section 201, a document management section 202, a document DB 203 and an ACL table 204.

For example, if a user wants to access a target document stored in the document DB 103 of the document management apparatus 100 in FIG. 1, then, for the target document retrieved from the document DB 103 according to the document ID, the document management section 102 acquires the UID of the user authenticated by the UID management section 101, consults the access right information of the target document by referring to the ACL table 104, and allows the user access within the range permitted to that user.

On the other hand, Japanese Laid-Open Patent Application No. 2004-70416 proposes a technique for providing a service to users in a network system that uses multiple authentication systems, by authenticating a user registered in one or more authentication systems of the network system as a user of the target service.

In the document management system shown in FIG. 1, which has a plurality of independent document management apparatuses, there are cases where it is necessary to distribute, move or combine some or all of the documents managed in one document management apparatus 100 to another document management apparatus 200. In these cases, the target document is distributed from the document management apparatus 100 to the document management apparatus 200 as export data D1, and the document management apparatus 200 accepts the target document as import data D2.

However, the UIDs in the document management apparatus 100 are managed by the UID management section 101, the UIDs in the document management apparatus 200 are managed by the UID management section 201, and the UIDs are defined independently for each document management apparatus. Therefore, when a user who is allowed to access a target document in the document management apparatus 100 wants to access the same target document in the document management apparatus 200, a situation may occur in which the user is not allowed to access the target document in the document management apparatus 200, even though the same user is accessing the same target document.

If this happens, the access rights to the target document have to be assigned again in the document management apparatus 200. However, when a large number of documents are distributed, moved or combined between the document management apparatuses 100 and 200, reassigning the document access rights becomes a very troublesome and complicated operation, and there is a problem in that the load on the manager who manages the document access rights becomes considerably large.

Summary of the invention

Accordingly, a general object of the present invention is to provide a novel and useful document management system, document management apparatus and document management method in which the problems described above are suppressed.

Another and more specific object of the present invention is to provide a document management system, a document management apparatus and a document management method that can facilitate the management of document access rights when documents are distributed, moved or combined among a plurality of independent document management apparatuses of the document management system.

Still another object of the present invention is to provide a document management system comprising: a plurality of document management apparatuses, each configured to retrieve a document stored in a storage according to a document ID and to judge whether an operation with respect to the retrieved document is possible according to a user ID that is generated with respect to each document management apparatus; and a user ID generating apparatus provided externally to the document management apparatuses and configured to generate a common user ID that is used in common among the document management apparatuses, wherein each document management apparatus has an export and import section configured to export and import data of an arbitrary document and access control list (ACL) data. According to the document management system of the present invention, it is possible to facilitate the management of document access rights when documents are distributed, moved or combined among a plurality of independent document management apparatuses of the document management system.

A further object of the present invention is to provide a document management apparatus for retrieving a document stored in a storage according to a document ID and judging whether an operation with respect to the retrieved document is possible according to a user ID that is generated with respect to each document management apparatus, the document management apparatus comprising: a user ID management section configured to manage user IDs in the document management apparatus by acquiring a common user ID that is generated by an external user ID generating apparatus and used in common among a plurality of document management apparatuses including this document management apparatus; and an export and import section configured to export and import data of an arbitrary document and access control list (ACL) data. According to the document management apparatus of the present invention, it is possible to facilitate the management of document access rights when documents are distributed, moved or combined among a plurality of independent document management apparatuses of the document management system.

Another object of the present invention is to provide a document management method for a document management system in which each of a plurality of document management apparatuses is configured to retrieve a document stored in a storage according to a document ID and to judge whether an operation with respect to the retrieved document is possible according to a user ID that is generated with respect to each document management apparatus, the document management method comprising: generating, by a user ID generating apparatus provided externally to the document management apparatuses, a common user ID that is used in common among the document management apparatuses; and exporting and importing data of an arbitrary document and access control list (ACL) data in response to a user instruction. According to the document management method of the present invention, it is possible to facilitate the management of document access rights when documents are distributed, moved or combined among a plurality of independent document management apparatuses of the document management system.

Other objects and further features of the present invention will become apparent from the following detailed description when read in conjunction with the accompanying drawings.

Brief description of the drawings

FIG. 1 is a diagram showing the structure of an example of a conventional document management system;

FIG. 2 is a diagram showing the structure of a first embodiment of the document management system according to the present invention;

FIG. 3 is a diagram for explaining document distribution in the first embodiment of the document management system;

FIG. 4 is a diagram for explaining an export operation;

FIG. 5 is a diagram for explaining an import operation;

FIG. 6 is a diagram showing the structure of a second embodiment of the document management system according to the present invention;

FIGS. 7A and 7B are diagrams for explaining UID generation processing of the second embodiment of the document management system;

FIG. 8 is a diagram for explaining ACL setting processing of the second embodiment of the document management system;

FIG. 9 is a diagram showing an ACL table;

FIG. 10 is a diagram showing the structure of a third embodiment of the document management system according to the present invention;

FIG. 11 is a diagram for explaining UID generation processing of the third embodiment of the document management system;

FIG. 12 is a diagram for explaining another UID generation processing of the third embodiment of the document management system;

FIG. 13 is a diagram showing the structure of a fourth embodiment of the document management system according to the present invention; and

FIG. 14 is a diagram showing UID generation processing of the fourth embodiment of the document management system.

Detailed description of the embodiments

A description will be given of embodiments of the document management system, the document management apparatus and the document management method according to the present invention, with reference to FIG. 2 and the subsequent figures.

[First Embodiment]

FIG. 2 is a diagram showing the structure of the first embodiment of the document management system according to the present invention. The document management system shown in FIG. 2 has a first document management apparatus 1 and a second document management apparatus 2. Each of the first document management apparatus 1 and the second document management apparatus 2 may be a dedicated server apparatus, or a device such as a multifunction peripheral (MFP) that has functions other than the document management function.

The first document management apparatus 1 has: a user identification (UID) management section 11 for managing UIDs; a document management section 12 for managing documents; a document database (DB) 13 constituting a storage for storing documents; an access control list (ACL) table 14 that records access right information related to the access rights of documents; and an export and import section 15 that exports and imports documents and ACLs. Similarly, the second document management apparatus 2 has: a UID management section 21 for managing UIDs; a document management section 22 for managing documents; a document DB 23 constituting a storage for storing documents; an ACL table 24 that records access right information related to the access rights of documents; and an export and import section 25 that exports and imports documents and ACLs. The UID is not limited to the type of UID that is input at authentication, and may be any suitable UID that indicates a user attribute, such as post (group, department, etc.), position and authority (the limits of the rights or powers granted).

In addition to the first document management apparatus 1 and the second document management apparatus 2, the document management system has a UID generating apparatus 3 for generating UIDs that are common to the first document management apparatus 1 and the second document management apparatus 2. Of course, the number of document management apparatuses provided in the document management system is not limited to two.

When a document is stored in the document DB 13 of the first document management apparatus 1, the document management section 12 acquires a UID from the UID management section 11 and sets the acquired UID in the ACL table 14 in correspondence with the document ID. In this case, the UID management section 11 acquires from the UID generating apparatus 3 the common UID that is shared by the first document management apparatus 1 and the second document management apparatus 2, and reflects this common UID in the ACL table 14.

Similarly, when a document is stored in the document DB 23 of the second document management apparatus 2, the document management section 22 acquires a UID from the UID management section 21 and sets the acquired UID in the ACL table 24 in correspondence with the document ID. In this case, the UID management section 21 acquires from the UID generating apparatus 3 the common UID that is shared by the first document management apparatus 1 and the second document management apparatus 2, and reflects this common UID in the ACL table 24.

In this way, even though the first document management apparatus 1 and the second document management apparatus 2 are independent of each other, the UIDs can be made common between them. Therefore, even when documents are distributed, moved or combined between the first document management apparatus 1 and the second document management apparatus 2, it is possible to avoid the inconvenient situation in which a user who is allowed to access a target document in one of the two document management apparatuses cannot access the same target document in the other.

FIG. 3 is a diagram for explaining document distribution in the first embodiment of the document management system. When a document is distributed from the first document management apparatus 1 to the second document management apparatus 2, the export and import section 15 of the first document management apparatus 1 distributes the data of the document (that is, the document data) and the ACL data as export data D1. The second document management apparatus 2, on the other hand, receives the document data and the ACL data as import data D2, stores the document data in the document DB 23, and reflects the ACL data in the ACL table 24 (that is, modifies the document ID), thereby keeping the access rights consistent.

FIG. 4 is a diagram for explaining the export operation. In FIG. 4, a document 41 to be exported is selected through the client software of the first document management apparatus 1 or the operation panel of the MFP, and the "Export" button in a pop-up menu 42, displayed by a right mouse click or the like, is selected to instruct the export processing. The storage location of the export data is then specified, and execution of the export processing is instructed. The export and import section 15 shown in FIG. 3 takes in the document ID and retrieves the document data corresponding to the document ID from the document DB 13. Furthermore, the export and import section 15 acquires the ACL data corresponding to the document ID from the ACL table 14, and changes the document ID in the acquired ACL data to an indeterminate value.

The export data can be moved to the second document management apparatus 2 by any suitable means, including, for example: (A) sharing a disk on the network; (B) transferring the export data over the network by the file transfer protocol (ftp) or the like; and (C) using a removable storage medium such as a Universal Serial Bus (USB) memory (key) or an external hard disk drive (HDD).

FIG. 5 is a diagram for explaining the import operation. In FIG. 5, a logical storage location 51, such as a folder, in which the imported document is to be stored is selected through the client software of the second document management apparatus 2 or the operation panel of the MFP, and the "Import" button in a pop-up menu 52, displayed by a right mouse click or the like, is selected to instruct the import processing. The import data is then specified, and execution of the import processing is instructed. The export and import section 25 shown in FIG. 3 takes in the export data, which includes the document data and the ACL data, registers the document data in the document DB 23, and acquires a new document ID. The export and import section 25 then updates the document ID in the ACL data with the new document ID, and registers the ACL data with the updated document ID in the ACL table 24.

The first document management apparatus 1 may perform a distribution operation directly instead of performing the export operation. In this case, the document to be distributed is selected through the client software of the first document management apparatus 1 or the operation panel of the MFP to instruct the distribution processing. In addition, the first document management apparatus 1 specifies the second document management apparatus 2 as the distribution destination and specifies the logical storage location of the document, such as a folder, in the second document management apparatus 2, to instruct execution of the distribution operation. The distribution operation described above is realized by the first document management apparatus 1 and the second document management apparatus 2 performing the export processing and the import processing in succession in this manner.

Thus, by providing the UID generating apparatus 3 outside of and independently of the first document management apparatus 1 and the second document management apparatus 2, the two document management apparatuses can share the service provided by the UID generating apparatus 3. It is therefore possible to generate a common UID that is shared by the first document management apparatus 1 and the second document management apparatus 2 (that is, shared by a plurality of document management apparatuses), and to give the same UID to the same user. As a result, the access rights of documents do not have to be reassigned when documents are distributed, moved or combined among a plurality of document management apparatuses.
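The export and import sequence of FIGS. 3 to 5, modelled as an added Python example (it is not code from the patent): the exporter blanks the document ID in the ACL rows, and the importer registers the document, obtains a new document ID and re-keys the rows. The class and method names, the JSON package layout and the sample UIDs are assumptions made for illustration; the rights R and RW follow the ACL table described for FIG. 9.

```python
import json
from itertools import count

UNSET = None  # the "indeterminate value" written into exported ACL rows
ALLOWED = {"R": {"read"}, "RW": {"read", "update"}}  # rights -> operations
COMMON_UID = "U:ldap:cn=Taro Yamada,ou=Sales,o=Example,c=JP"  # constructed sample


class DocumentManager:
    """One independent document management apparatus (hypothetical model)."""

    def __init__(self, first_doc_id):
        self.doc_db = {}       # document ID -> document data
        self.acl_table = []    # rows of (document ID, UID, rights)
        self._next_id = count(first_doc_id)  # IDs are local to this apparatus

    def store(self, data, grants):
        doc_id = next(self._next_id)
        self.doc_db[doc_id] = data
        self.acl_table += [(doc_id, uid, r) for uid, r in grants.items()]
        return doc_id

    def export_document(self, doc_id):
        # The local document ID means nothing elsewhere, so it is blanked.
        rows = [{"doc_id": UNSET, "uid": uid, "rights": r}
                for d, uid, r in self.acl_table if d == doc_id]
        return json.dumps({"document": self.doc_db[doc_id], "acl": rows})

    def import_document(self, package):
        data = json.loads(package)
        # Validate every ACL row before anything is registered, so a
        # malformed package cannot leave a half-imported document behind.
        for row in data["acl"]:
            if row["doc_id"] is not UNSET or row["rights"] not in ALLOWED:
                raise ValueError("malformed ACL row in import data")
        new_id = next(self._next_id)
        self.doc_db[new_id] = data["document"]
        # Re-key the ACL rows with the document ID assigned on this side.
        self.acl_table += [(new_id, row["uid"], row["rights"])
                           for row in data["acl"]]
        return new_id

    def is_allowed(self, uid, doc_id, operation):
        return any(d == doc_id and u == uid and operation in ALLOWED[r]
                   for d, u, r in self.acl_table)


def distribute(uid_on_1, uid_on_2):
    """Store on apparatus 1 with read access, distribute to apparatus 2,
    then check what the same person may do there under uid_on_2."""
    dm1, dm2 = DocumentManager(1), DocumentManager(500)
    doc_id = dm1.store("quarterly report", {uid_on_1: "R"})
    new_id = dm2.import_document(dm1.export_document(doc_id))
    return (new_id,
            dm2.is_allowed(uid_on_2, new_id, "read"),
            dm2.is_allowed(uid_on_2, new_id, "update"))


if __name__ == "__main__":
    print(distribute(COMMON_UID, COMMON_UID))        # common UID on both sides
    print(distribute("dm1-user-17", "dm2-user-42"))  # per-apparatus UIDs
```

With a common UID the imported ACL row still matches the user on the second apparatus; with per-apparatus UIDs the same row is imported intact but matches nobody, which is the reassignment problem described in the background section.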

[Second Embodiment]

FIG. 6 is a diagram showing the structure of the second embodiment of the document management system according to the present invention. In FIG. 6, those parts that are the same as the corresponding parts in FIG. 2 are designated by the same reference numerals, and a description of them is omitted. In this second embodiment, the UID generating apparatus 3 is constituted by a Lightweight Directory Access Protocol (LDAP) server, and the UID management sections 11 and 21 of the first document management apparatus 1 and the second document management apparatus 2 are each constituted by a user-directory user authentication (UADU) section.

FIGS. 7A and 7B are diagrams for explaining the UID generation processing of the second embodiment of the document management system. In step S1 shown in FIG. 7A, when a user is specified and the UID management section 11 (or 21) of the document management apparatus 1 (or 2) requests acquisition of a UID from the UID generating apparatus 3, the LDAP server constituting the UID generating apparatus 3 returns, in step S2, a fully qualified distinguished name (FQDN), which is the globally unique name of the user. The UID management section 11 (or 21) then generates the UID from the FQDN in step S3.

FIG. 7B shows the logical format of the UID in this embodiment. The UID shown in FIG. 7B has an identifier that indicates the type (user or user group), a user space that identifies the type of database in which the user information is stored, and the FQDN acquired from the LDAP server.

FIG. 8 is a diagram for explaining the ACL setting processing of the second embodiment of the document management system. After the UID management section 11 (or 21) generates the UID in step S3 shown in FIG. 8, it passes the UID to the document management section 12 (or 22) in step S4. The document management section 12 (or 22) acquires the document ID from the document DB 13 in step S5, and sets the acquired document ID in the ACL table 14 (or 24) in step S6.

FIG. 9 is a diagram showing the ACL table 14 (or 24). In the ACL table 14 (or 24) shown in FIG. 9, the UID and the access right are recorded in correspondence with the document ID. In FIG. 9, RW indicates the right to make a reference or update access, and R indicates the right to make a reference access.

[第三实施例][Third embodiment]

图10为示出根据本发明的文档管理系统的第三实施例的结构的图。在图10中,给与图6中的那些对应部分相同的那些部分指派相同的附图标记,并且省略了对那些部分的描述。在图10中,区别名称(DN)压缩和展开部分16和26被分别额外地提供在第一文档管理装置1和第二文档管理装置2中。DN压缩和展开部分16压缩和展开在ACL表14中设置的UID,DN压缩和展开部分26压缩和展开在ACL表24中设置的UID。此外,该第三实施例的结构与图6中示出的第二实施例的结构相同。FIG. 10 is a diagram showing the structure of a third embodiment of the document management system according to the present invention. In FIG. 10 , those parts that are the same as those corresponding parts in FIG. 6 are assigned the same reference numerals, and descriptions of those parts are omitted. In FIG. 10, Distinguished Name (DN) compression and expansion sections 16 and 26 are additionally provided in the first document management apparatus 1 and the second document management apparatus 2, respectively. The DN compression and expansion section 16 compresses and expands the UID set in the ACL table 14, and the DN compression and expansion section 26 compresses and expands the UID set in the ACL table 24. In addition, the structure of this third embodiment is the same as that of the second embodiment shown in FIG. 6 .

当利用LDAP服务器作为UID生成装置3时,不能预先规定从其中获得的FQDN数据的最大长度。另一方面,为了使文档管理装置能够创建管理ACL的ACL表,从规定ACL表的格式的角度来看,如果不能规定用户的全局唯一名称的最大长度,如FQDN数据的情况,是不方便的。When an LDAP server is utilized as the UID generating means 3, the maximum length of FQDN data obtained therefrom cannot be prescribed in advance. On the other hand, in order for the document management device to create an ACL table for managing ACLs, it is inconvenient if the maximum length of the user's globally unique name cannot be specified, as in the case of FQDN data, from the viewpoint of specifying the format of the ACL table .

因此,在该第三实施例中,从UID生成装置3中获取的FQDN不被按照生成UID时的原样使用,而是被压缩成替代的FQDN,即使是在相对长的FQDN的情况下其也可以放在ACL表中。换句话说,有可能扩大可记录在ACL表中的FQDN的最大长度的限制。Therefore, in this third embodiment, the FQDN acquired from the UID generating means 3 is not used as it is when generating the UID, but is compressed into a substitute FQDN, which can be used even in the case of a relatively long FQDN. Can be placed in the ACL table. In other words, it is possible to expand the limit of the maximum length of the FQDN that can be recorded in the ACL table.

图11为用于解释文档管理系统的该第三实施例的UID生成处理的图。在图11中,通过文档管理装置1(或2)的UID管理部分11(或21)从UID生成装置3中获取的FQDN,在步骤S11中被DN压缩和展开部分16(或26)压缩成二进制数据状态的压缩的FQDN。可以利用任何适合的已知的压缩技术用于FQDN的压缩,但是一般地说,有可能获得属于近似70%量级的压缩率(效率)。FIG. 11 is a diagram for explaining UID generation processing of this third embodiment of the document management system. In Fig. 11, the FQDN obtained from the UID generation device 3 by the UID management part 11 (or 21) of the document management device 1 (or 2) is compressed by the DN compression and expansion part 16 (or 26) in step S11 into The compressed FQDN of the binary data state. Any suitable known compression technique may be utilized for the compression of the FQDN, but in general it is possible to obtain compression ratios (efficiencies) of the order of approximately 70%.

然后,DN压缩和展开部分16(或26)在步骤S12,通过将该压缩的FQDN转换成诸如Base64的文本,而生成替代的FQDN,这样文本数据状态的替代的FQDN可以被用作UID的一部分。通过这种到文本的转换,数据大小有一些增加,但是通过压缩和到文本的转换的结合,可以预期属于近似50%量级的压缩率(或效率)。Then, the DN compression and expansion part 16 (or 26) generates an alternative FQDN at step S12 by converting the compressed FQDN into text such as Base64, so that the alternative FQDN of the text data state can be used as a part of the UID . With this conversion to text, there is some increase in data size, but with the combination of compression and conversion to text, compression ratios (or efficiencies) of the order of approximately 50% can be expected.

FIG. 12 is a diagram for explaining the UID generation processing of this third embodiment of the document management system. In this case, the FQDN acquired from the UID generating device 3 is not compressed directly. Instead, normalization is performed in step S21 to remove the spaces before and after delimiters that the FQDN may contain (spaces that should be ignored in the first place). Steps S22 to S24 performed thereafter are the same as steps S11 to S13 shown in FIG. 11, except that step S22 compresses the FQDN from which the spaces have been removed.

Thus, by compressing the FQDN as shown in FIG. 11 or FIG. 12, the limit on the maximum length of an FQDN usable in the ACL can be extended.

In addition, the original FQDN can be recovered by having the DN compression and expansion part 16 (or 26) expand the substitute FQDN under the control of the UID management part 11 (or 21). The document management device 1 (or 2) can therefore access the LDAP server constituting the UID generating device 3 in the normal manner.

[Fourth Embodiment]

FIG. 13 is a diagram showing the structure of a fourth embodiment of the document management system according to the present invention. In FIG. 13, parts that are the same as the corresponding parts in FIG. 6 are given the same reference numerals, and their description is omitted. In FIG. 13, hash tables 17 and 27 are additionally provided in the first document management device 1 and the second document management device 2, respectively. In this fourth embodiment, as in the third embodiment described above, the FQDN acquired from the UID generating device 3 is not used as it is when generating the UID. Instead, the FQDN is hashed so that even a relatively long FQDN fits in the ACL table. More specifically, the UID management part 11 (or 21) of the document management device 1 (or 2) performs hash processing on the FQDN and records the hash value and the original FQDN in the hash table 17 (or 27) in correspondence with each other. Furthermore, the hash value (or hash code) of the FQDN data and a predetermined number of leading bytes of the FQDN data are set in the ACL table 14 (or 24) as a substitute UID.

FIG. 14 is a diagram showing the UID generation processing of this fourth embodiment of the document management system. In FIG. 14, in step S31, the UID management part 11 (or 21) of the document management device 1 (or 2) calculates a hash value from the FQDN acquired from the UID generating device 3, using an algorithm such as MD5, and sets the calculated hash value in the hash table 17 (or 27) in correspondence with the original FQDN. In this case, the same FQDN always yields the same hash value, but to keep the size of the hash value small, multiple FQDNs are allowed to correspond to the same hash value. It is assumed that the FQDN is normalized to remove unnecessary spaces before the hash processing is performed.

Then, in step S32, the UID management part 11 (or 21) treats the N leading bytes of the original FQDN, a separator (#) and the hash value as the substitute FQDN, and generates the UID by combining this with the identifier and the user space. Because multiple FQDNs are allowed to correspond to the same hash value, the N leading bytes of the original FQDN are included in the substitute FQDN so that the FQDN can be specified. An FQDN is made up of a user name, host name, subdomain name, domain name, organization type and country code, in that order. The later parts of this sequence make it harder to identify the FQDN, but because the leading part of the FQDN carries no overlapping information (that is, the information in the leading part does not match between FQDNs), the FQDN can be specified by its leading part.

By generating the UID from the FQDN through conversion to a hash value, the hash value can correspond uniquely to an FQDN of arbitrary length and be used as the substitute UID.

Furthermore, the UID management part 11 (or 21) can obtain the original FQDN from the hash table 17 (or 27) by performing a retrieval operation with the substitute FQDN. The document management device 1 (or 2) can therefore access the LDAP server constituting the UID generating device 3 in the normal manner.
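The two substitute-FQDN schemes of the third and fourth embodiments, shown in Python as an added example (not code from the patent): `compress_substitute` follows steps S21, S11 and S12, and `FqdnHashTable` follows steps S31 and S32. The use of zlib, N = 16, all function and class names, and the collision check in `register` are assumptions of this example; the sample DN is constructed.

```python
import base64
import hashlib
import re
import zlib

PREFIX_LEN = 16  # "N" leading bytes kept in the substitute (value assumed here)

# Constructed sample DN; example.com and the user are placeholders.
SAMPLE_DN = "cn = Taro Yamada , ou = Sales, dc = example , dc = com"


def normalize_dn(dn: str) -> str:
    """S21: drop the insignificant spaces around the ',' and '=' delimiters.
    Simplification: escaped delimiters (e.g. '\\,') are not handled."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip())


def compress_substitute(dn: str) -> str:
    """Third embodiment: normalize, compress (zlib assumed), Base64-encode."""
    packed = zlib.compress(normalize_dn(dn).encode("utf-8"), 9)
    return base64.b64encode(packed).decode("ascii")


def expand_substitute(substitute: str) -> str:
    """Reverse of compress_substitute: recovers the normalized FQDN."""
    return zlib.decompress(base64.b64decode(substitute)).decode("utf-8")


class FqdnHashTable:
    """Fourth embodiment: hash table 17/27 mapping substitute -> FQDN."""

    def __init__(self) -> None:
        self._rows = {}

    def register(self, dn: str) -> str:
        norm = normalize_dn(dn)
        raw = norm.encode("utf-8")
        digest = hashlib.md5(raw).hexdigest()  # MD5, as named in the text
        prefix = raw[:PREFIX_LEN].decode("utf-8", "ignore")
        substitute = f"{prefix}#{digest}"
        # Added check (not in the text): refuse to alias two different
        # FQDNs under one substitute, since the ACL row would then grant
        # one user's rights to the other.
        if self._rows.setdefault(substitute, norm) != norm:
            raise ValueError("substitute collision: " + substitute)
        return substitute

    def lookup(self, substitute: str) -> str:
        """Retrieve the original FQDN, e.g. before querying LDAP."""
        return self._rows[substitute]


if __name__ == "__main__":
    table = FqdnHashTable()
    sub = table.register(SAMPLE_DN)
    print(sub, "->", table.lookup(sub))
    print(compress_substitute(SAMPLE_DN))
```

The hashed substitute has a fixed width (N + 1 + 32 characters here), whereas the compressed form still grows with the FQDN. MD5 is not collision-resistant, so where the substitute serves as the ACL key a stronger hash is the usual choice.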

This application claims priority to Japanese Patent Application No. 2005-315056, filed with the Japan Patent Office on October 28, 2005, and Japanese Patent Application No. 2006-278079, filed with the Japan Patent Office on October 11, 2006, the disclosures of which are incorporated herein by reference.

Further, the present invention is not limited to these embodiments, and various changes and modifications can be made without departing from the scope of the present invention.

Claims (3)

1. A document management system, comprising:
a plurality of document management apparatuses, each configured to retrieve a document stored in a document database according to a document ID, and to judge, according to a user ID generated with respect to each document management apparatus, whether an operation on the retrieved document is possible;
a user ID generating apparatus provided externally to the document management apparatuses and configured to generate a user ID common to each of the document management apparatuses;
a user ID management part provided in each document management apparatus and configured to acquire a user ID and manage the acquired user ID;
a document management part provided in each document management apparatus and configured to manage documents by making the access right to a document, the user ID and the document ID correspond to each other;
an access control list (ACL) part provided in each document management apparatus and configured to register the access right to a document, the user ID and the document ID as ACL data; and
an export and import part provided in each document management apparatus and configured to export and import the document data and the ACL data of a document,
wherein the export and import part of a first document management apparatus among the plurality of document management apparatuses transmits document data and ACL data to a second document management apparatus among the plurality of document management apparatuses, and the document management part of the second document management apparatus registers the document data sent from the first document management apparatus in the database of the second document management apparatus, acquires a new document ID, and updates the document ID of the ACL data to the new document ID, and
the user ID management part of the second document management apparatus acquires, from the user ID generating apparatus, the user ID common to each document management apparatus, and registers the acquired user ID in the ACL part of the second document management apparatus.
2. A document management apparatus that searches for a document stored in a document database according to a document ID, and judges, according to a user ID generated with respect to the document management apparatus, whether an operation on the searched document is possible, comprising:
a user ID management part configured to acquire a user ID from a user ID generating apparatus and manage the acquired user ID, the user ID generating apparatus being provided externally to the document management apparatus and generating a user ID common to each management apparatus;
a document management part configured to manage documents by making the access right to a document, the user ID and the document ID correspond to each other;
an access control list (ACL) part configured to register the access right to a document, the user ID and the document ID as ACL data; and
an export and import part configured to export and import the document data and the ACL data of a document,
wherein the export and import part transmits document data and ACL data to another document management apparatus other than the document management apparatus,
the document management part of the other document management apparatus registers the document data sent from the document management apparatus in the database of the other document management apparatus, acquires a new document ID, and updates the document ID of the ACL data to the new document ID, and
the user ID management part of the other document management apparatus acquires, from the user ID generating apparatus, the user ID common to each document management apparatus, and registers the acquired user ID in the ACL part of the other document management apparatus.
3. A document management method of a document management apparatus that searches for a document stored in a document database according to a document ID, and judges, according to a user ID generated with respect to the document management apparatus, whether an operation on the searched document is possible, comprising:
a step in which a user ID management part acquires a user ID from a user ID generating apparatus and manages the acquired user ID, the user ID generating apparatus being provided externally to the document management apparatus and generating a user ID common to each management apparatus;
a step in which a document management part manages documents by making the access right to a document, the user ID and the document ID correspond to each other;
a step in which an access control list (ACL) part registers the access right to a document, the user ID and the document ID as ACL data; and
a step in which an export and import part exports and imports the document data and the ACL data of a document,
wherein, in the step of exporting and importing, the export and import part transmits document data and ACL data to another document management apparatus other than the document management apparatus,
in the step of managing documents, the document management part of the other document management apparatus registers the document data sent from the document management apparatus in the database of the other document management apparatus, acquires a new document ID, and updates the document ID of the ACL data to the new document ID, and
in the step of acquiring and managing the user ID, the user ID management part of the other document management apparatus acquires, from the user ID generating apparatus, the user ID common to each document management apparatus, and registers the acquired user ID in the ACL part of the other document management apparatus.
CNB2006100640501A 2005-10-28 2006-10-30 Document management system, document management device and document management method Expired - Fee Related CN100495397C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
JP2005315056 2005-10-28
JP315056/05 2005-10-28
JP278079/06 2006-10-11

Publications (2)

Publication Number Publication Date
CN101004745A CN101004745A (en) 2007-07-25
CN100495397C true CN100495397C (en) 2009-06-03

Family

ID=38703889

Family Applications (1)

Application Number Title Priority Date Filing Date
CNB2006100640501A Expired - Fee Related CN100495397C (en) 2005-10-28 2006-10-30 Document management system, document management device and document management method

Country Status (1)

Country Link
CN (1) CN100495397C (en)

Also Published As

Publication number Publication date
CN101004745A (en) 2007-07-25

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20090603

Termination date: 20181030