JP5565014B2 - Database access management system, management method and program - Google Patents

Description

  The present invention relates to a database access management system, a management method, and a program for managing an access control list for a database.

  In recent years, companies have taken information security measures voluntarily by introducing, for example, ISMS (Information Security Management System) and receiving authentication. As one of information security measures, there is an access right setting for an in-company DB (database). Companies set access rights to the DB to prevent information leakage due to unauthorized access to the DB.

  The access right for the DB is set by an ACL (Access Control List). For example, the DB administrator creates an ACL in which an access right holder who can access the DB is created and stored in the DB server. The DB server refers to the ACL in response to a request for access to the DB, and permits access to the DB only when the account that requested the access is the account of the access right holder.

  By the way, for ACL, confirmation of new registration or change is regularly performed. Specifically, the DB administrator periodically checks the registration of a new DB and its ACL, the registration of a new access right holder to the ACL, and the change of the access right holder registered in the ACL. ing. In Patent Document 1, as a technique for confirming an ACL, it is possible to easily obtain information on a target registered in an ACL in which a group is recorded. Discloses a technology that makes it possible to know who has access rights.

  However, in Patent Document 1, it is possible to check a list of ACL access right holders and their access ranges, but it is not easy to check changes from the list. Moreover, in patent document 1, the record which implemented ACL confirmation cannot be left. Therefore, it is necessary to manually write the access right holder and the access range of the confirmed change to the table data etc., and the burden on the DB administrator when leaving a record of the ACL check is left. Was big.

  The present invention has been made in view of the above, and is a database access management system, a management method, and a program that can easily perform confirmation of a change in an access control list and recording of the confirmation. The purpose is to provide.

In order to solve the above-described problems and achieve the object, the database access management system of the present invention includes an acquisition means for acquiring an access control list related to database access rights stored in a database server, and the access control list. Storage means for storing the master data separately in an access control list master relating to the entry of the access control list and an access control list name table relating to the name entered in the access control list, and stored in the storage means and master data of the access control list on the basis of the difference between the access control list acquired by the acquisition unit, a detecting means for detecting the renewal of the access control list, and displays the update content of the detected Display means and an approval instruction for the displayed update A receiving unit configured to apply only in response to the authorization indication, and updating means for updating the master data of the access control list based on the renewal there such approval instruction, renewal there is the authorization instruction, access And recording means for recording document data including the holder and the access range in the storage means as document data indicating the confirmation of the access control list.

Further, the management method of the present invention is an access control list management method in a database access management system, wherein an acquisition step of acquiring an access control list related to a database access right stored in a database server, and the access control and access control lists master about the entries in the list, the master data of the stored the access control list in the storage means divided into access control list name table for said entered in the access control list name, the access control with acquisition A detection step of detecting an update of the access control list based on a difference from the list, a display step of displaying the detected update, and a reception step of accepting an approval instruction for the displayed update According to accepted approval instructions An update step for updating the master data of the access control list based on the update for which the approval instruction has been issued, and the document data including the update for the approval instruction, the access right holder and the access range, And a recording step of recording in the storage means as document data indicating that the access control list has been confirmed.

In addition, the program of the present invention includes an acquisition step of acquiring an access control list relating to database access right stored in a database server in a computer of a database access management system, and an access control list master relating to an entry in the access control list When the master data of the access control list stored in the storage means divided into access control list name table for said entered in the access control list name, a difference between the access control list that acquisition based on A detection step for detecting an update of the access control list, a display step for displaying the detected update, a reception step for receiving an approval instruction for the displayed update, and a response to the received approval instruction The approval instructions An update step for updating the master data of the access control list on the basis of the minutes, and confirmation of the access control list for the document data including the updated portion, the access right holder and the access range for which the approval instruction has been issued. Recording step of recording in the storage means as document data to be shown.

  According to the present invention, there is an effect that it is possible to easily confirm the change of the access control list and to record the confirmation.

FIG. 1 is a block diagram showing the configuration of the DB access management system according to the present embodiment. FIG. 2 is a diagram showing a data structure of the ACL. FIG. 3 is a diagram illustrating the contents stored in the management master DB. FIG. 4 shows the data structure of the ACL master. FIG. 5 shows the data structure of the ACL name table. FIG. 6 is a block diagram illustrating a configuration example of a personal computer. FIG. 7 is a ladder chart showing an example of the operation of the DB access management system according to the present embodiment. FIG. 8 is a ladder chart showing an example of the operation of the DB access management system according to the present embodiment. FIG. 9 is a diagram illustrating an example of a display screen. FIG. 10 is a diagram illustrating an example of a display screen. FIG. 11 is a diagram illustrating a data configuration of the DB management document.

  Exemplary embodiments of a database access management system, a management method, and a program according to the present invention will be explained below in detail with reference to the accompanying drawings. This management system manages access to each DB in accordance with ACL, which is a list of users having access rights set for each DB.

  FIG. 1 is a block diagram showing a configuration of a DB access management system 100 according to the present embodiment. As shown in FIG. 1, the DB access management system 100 includes a terminal device 1, a DB server 2, and a management server 3. In the DB access management system 100, the terminal device 1, the DB server 2, and the management server 3 are connected via a communication network 4 such as the Internet or a LAN (Local Area Network).

  The terminal device 1 is an information terminal for a user to perform various operations using the DB access management system 100 such as browsing data stored in the DB. A specific configuration of the terminal device 1 will be described later.

  The DB server 2 is a server device that stores a DB 21 subject to access control and an ACL 22 for the DB. The DB server 2 may store a plurality of DBs and an ACL for each DB. When the DB server 2 receives an access request to the DB 21 from, for example, the terminal device 1 connected via the communication network 4, the DB server 2 refers to the ACL 22 and determines whether the user who has made the access request has the access right. Is determined. Then, when the user who has made the access request is an access right holder, the DB server 2 permits access to the DB 21.

  FIG. 2 is a diagram illustrating a data configuration of the ACL 22. As shown in FIG. 2, the ACL 22, the ID, the authority information, and the role information are recorded in association with each other. Further, the ACL 22 stores a database name for identifying the DB 21 to be accessed.

  The ID is identification information for specifying a user who has an access right. Specifically, the ACL 22 records, as IDs, a personal ID that is identification information of a user permitted to access the DB 21 and a group ID that is identification information of a group permitted to access. . In the example illustrated in FIG. 2, an ID starting with “G” is a group ID, and an ID starting with “P” is a personal ID. Note that only one of a personal ID and a group ID may be recorded in the ACL 22.

  When the group ID is recorded in the ACL 22, all users belonging to the group specified by the group ID are permitted to access the DB 21. Further, when the group is hierarchized, access to the DB 21 may be permitted to users of all groups belonging to the lower hierarchy of the group recorded in the ACL 22. That is, the user specified by the personal ID in the ID column in the ACL 22 and the user belonging to the group specified by the group ID in the ID column have access rights.

  The authority information is access authority information indicating authority relating to a usage mode or the like of information to be accessed, and is recorded in association with an ID. The authority information includes, for example, “reader” indicating that only information can be browsed, “editor” indicating that editing is also possible.

  The role information is information indicating the role of the user who has the access right, and is recorded in association with the ID. Examples of role information include “technology”, “planning”, and “management”, and are used for special operations such as agents. Specifically, when the DB server 2 displays information in the DB 21 on the terminal device 1 that is used by a user having access rights, the button operation corresponding to the role information is also displayed. Thus, a specific operation can be permitted to a person having a specific role. It should be noted that when the role information is “none”, the specific operation is not permitted, and when the role information is recorded, a plurality of permitted specific operations are permitted. For example, since “management” indicates a role for managing the DB access management system 100, when the role information is “management”, an operation for setting the access right of the DB is permitted. A user set with the role of “management” is referred to as “DB administrator” in the following description.

  Returning to FIG. 1, the management server 3 is a server device that manages information related to organizations such as companies and master data that is the basis of access control of each DB in the DB access management system 100. The master DB 32 is stored. The attribute information DB 31 is a database that stores attribute information such as names, addresses, and departments of users belonging to an organization. Specifically, for each user, a personal ID and attribute information such as the name, address, and department to which the individual is associated are recorded.

  The management master DB 32 is master data for access control of each DB in the DB access management system 100 and manages the ACL 22 of the DB 21 in the DB access management system 100 in an integrated manner. As described above, the DB access management system 100 is configured to have the management master DB 32 that is the master data of the ACL 22 in addition to the ACL 22. Therefore, in the DB access management system 100, the content of the ACL 22 that is managed and managed by the management master DB 32 is compared with the content registered in the actual ACL 22, and the difference between them is detected. The updated part can be easily detected.

  FIG. 3 is a diagram illustrating contents stored in the management master DB 32. As shown in FIG. 3, the management master DB 32 stores a confirmation document 321, a DB management document 322, an ACL master 323, and an ACL name table 324.

  The confirmation document 321 is document data for the DB administrator to periodically confirm changes in the management master DB 32. The confirmation document 321 is registered when a user makes an application such as registration of a new DB and its ACL, registration of a new access right holder to the ACL, change of the access right holder registered in the ACL, It is generated by a generation process to be described later.

  The DB management document 322 records the confirmation by the DB administrator, such as registration of a new DB and its ACL, registration of a new access right holder to the ACL, and change of the access right holder registered in the ACL. Document data. Specifically, a confirmation document 321 confirmed by the DB administrator is stored as an implementation record (details will be described later).

  The ACL master 323 is master data of data entered (registered) in the ACL 22 and includes a role table and an ACL entry table. FIG. 4 is a diagram illustrating a data configuration of the ACL master 323.

  As shown in FIG. 4, the roll table of the ACL master 323 associates roll data (role information) with a roll CD that encodes the roll data. The role information is coded by this roll table. Thus, role information can be managed efficiently by coding role information. The ACL entry table of the ACL master 323 associates ACL authority, ACL type, various options (option (1) to option (9) in the illustrated example), and role CD for each ACL entry.

  The ACL name table 324 is a table that stores data related to names of users, groups, servers, etc. in the entries. FIG. 5 is a diagram illustrating a data configuration of the ACL name table 324. As shown in FIG. 5, the ACL name table 324 stores ACL authority and names related to users and group servers for each ACL entry. This name may refer to the attribute information DB 31.

  The management master DB 32 stores data for managing the ACL 22 in a divided manner into an ACL master 323 relating to ACL entries and an ACL name table 324 relating to names entered in the ACL. This is because including the name of one ACL entry (one field in the management master DB 32) increases the data size, and cannot be used when there is a limit on the data size per field. Therefore, as described above, by dividing the ACL master 323 and the ACL name table 324, the data size per field is reduced, and this corresponds to the case where the data size per field is limited.

  Next, specific configurations of the terminal device 1, the DB server 2, and the management server 3 will be described. The terminal device 1, the DB server 2, and the management server 3 are information devices such as WS (Work Station) and a personal computer. In this embodiment, a case where a personal computer is used will be described as an example. FIG. 6 is a block diagram illustrating a configuration example of the personal computer, and illustrates specific configurations of the terminal device 1, the DB server 2, and the management server 3.

  As illustrated in FIG. 6, the personal computer that is the terminal device 1, the DB server 2, and the management server 3 includes a communication unit 101, an input unit 102, an output unit 103, a storage unit 104, and a control unit 105. .

  The communication unit 101 communicates with a device (information device) connected via the communication network 4 and includes a communication interface and the like. The input unit 102 is used to input various information, and includes input devices such as a keyboard and a mouse. The output unit 103 is for outputting various information and includes a display device such as a display. The storage unit 104 stores various information, programs, and the like, and includes an auxiliary storage device such as a hard disk drive. For example, the storage unit 104 of the DB server 2 stores DB 21 and ACL 22. The storage unit 104 of the management server 3 stores an attribute information DB 31 and a management master DB 32.

  The control unit 105 includes a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like. The control unit 105 performs data arithmetic processing and centrally controls the entire apparatus. Specifically, the arithmetic processing and the central control in the control unit 105 are performed by the CPU executing programs stored in the ROM while temporarily storing various data using the RAM as a work area. Is called. For example, dedicated programs are stored in the ROMs of the terminal device 1, the DB server 2, and the management server 3, respectively. For this reason, the terminal device 1, the DB server 2, and the management server 3 implement | achieve the function which each has by executing the program memorize | stored in ROM.

  Next, the operation of the DB access management system 100 according to the present embodiment will be described. 7 and 8 are ladder charts showing an example of the operation of the DB access management system 100 according to the present embodiment.

  Specifically, FIG. 7 shows that a confirmation document 321 for the DB administrator to periodically confirm changes in the management master DB 32 is generated and stored in the management master DB 32 of the management server 3. It is a ladder chart which shows operation | movement. The process for generating the confirmation document 321 includes a new DB and its ACL registration, a new access right holder registration to the ACL, and an application for changing the access right holder registered in the ACL. Or may be performed periodically according to the arrival of a preset date and time.

  FIG. 8 shows an operation until a DB management document 322 for recording the confirmation by the DB administrator is generated and recorded when the confirmation document 321 is approved (confirmed) by the DB administrator. It is a ladder chart. The process in which the DB management document 322 is generated and recorded is a process performed when the DB administrator logs into the terminal device 1. In addition, in this embodiment, although the operation | movement which a user operates by operating the terminal device 1 is illustrated, the information apparatus which a user operates may be other than the terminal device 1, and may be the management server 3. Needless to say.

  As shown in FIG. 7, the terminal device 1 reads the ACL 22 from the DB server 2 (S1). Specifically, the terminal device 1 requests the ACL 22 from the DB server 2, and the DB server 2 transmits the ACL 22 to the terminal device 1 in response to the request from the terminal device 1 (S2).

  Next, the terminal device 1 reads the attribute information of the user related to the ACL 22 read in S1 from the management server 3 (S3). Specifically, the terminal device 1 notifies the IDs of the users listed in the ACL 22 to the management server 3, and the management server 3 displays the attribute information associated with the ID in response to the notification from the terminal device 1 as attribute information. It reads from DB31 and transmits to the terminal device 1 (S4).

  Next, the terminal device 1 reads the management master DB 32 from the management server 3 (S5). Specifically, the terminal device 1 requests the management master DB 32 from the management server 3, and the management server 3 transmits the management master DB 32 to the terminal device 1 in response to a request from the terminal device 1 (S6). .

  Next, the terminal device 1 checks the difference between the ACL 22 read in S1 and S3 and the attribute information of the user related to the ACL 22 and the management master DB 32 read in S5, and detects an updated portion of the ACL 22 (S7). For example, when a DB 21 and its ACL 22 are newly created, the newly created portion is detected as an updated part. In addition, when the DB 21 and the ACL 22 have already been created and a new access right holder is registered in the ACL 22 for the DB 21 or when the access right holder registered in the ACL 22 is changed, It is detected as an update part. For ACL entries that are not included in the ACL 22 but are included in the management master DB 32, the ACL entry deleted by the ACL 22 is detected as an updated portion.

  Next, the terminal device 1 performs an ACL check of the updated part detected in S7 (S8). Specifically, in S8, the value set in advance in the ROM or the like is compared with the value of the updated portion, and the value determined to be inappropriate from the value set in advance by this comparison is determined in advance. The set recommended value is set. In this way, by setting recommended values for inappropriate values by the ACL check, it is possible to eliminate errors due to work omissions when the DB administrator confirms, and to save labor in the confirmation work.

  Specifically, the recommended value setting includes “add”, “change”, and “delete”. “Addition” is to perform matching with a table of entries recommended to be registered in advance during the ACL check of the updated portion, and to set a recommended value for adding an entry not included in this table.

The “change” is performed when the following conditions are satisfied at the time of ACL check of the updated part.
・ When the authority of the recommended registration entry is lower than “Reader”, “Administrator” is set as the recommended value.
・ When “@” is included in the naming, the naming without “@” is set as a recommended value (because an address with “@” is used in ACL, it becomes invalid).
-When not set in a predetermined format valid as an ACL, a recommended value converted into a predetermined format is set.
When the default authority is inappropriately high (for example, more than editor), a preset authority is set as a recommended value.
A predetermined recommended value is set when the ACL type is invalid and the ACL is invalid because it does not match the ACL type and the ACL entry. For example, when the type is a user and the distinction is a replica ID such as a group, a server,..., Or a replica ID, the type is a server and the distinction is a user, a group,. In some cases, the type is a mixed group, a user group, or a server group, and the distinction is a user, server, or replica ID.
-If the entry name is changed due to the ID change, the change to the new ID is set to the recommended value.

The “deletion” is performed, for example, when the following condition is satisfied during the ACL check of the updated part.
In the case of a mail-only group, it is determined that there is no replication with another domain, and the ACL entry of non-hierarchical authentication (= group or Web user) → user view and group view of the attribute information DB 31 are searched, and if there is no Set the recommended value to be deleted. It should be noted that an ACL entry for hierarchical authentication (= user or server) → user view and server view of the attribute information DB 31 is searched, and a recommended value to be deleted if it does not exist is set. However, if there is a copy with another domain, there is a possibility that it exists in the copy destination domain, so the recommended value to be deleted is not set (in this case, an unknown flag may be set).

  Next, the terminal device 1 generates a confirmation document 321 in which the updated portion of the ACL 22 set with the recommended value by the ACL check in S8 is a rich text table, and transmits it to the management server 3 (S9). The management server 3 stores the confirmation document 321 transmitted from the terminal device 1 in the management master DB 32 (S10).

  As shown in FIG. 8, when the DB administrator logs in to the terminal device 1, the terminal device 1 reads the confirmation document 321 stored in the management master DB 32 of the management server 3 (S20). Specifically, the terminal device 1 requests a confirmation document 321 from the management server 3, and the management server 3 reads the confirmation document 321 stored in the management master DB 32 in response to a request from the terminal device 1. To the terminal device 1 (S21).

  Next, the terminal device 1 displays the confirmation document 321 read in S20 on the display of the output unit 103 (S22). FIG. 9 is a diagram illustrating an example of the display screen G1, and more specifically, is a diagram illustrating the display screen G1 that displays the confirmation document 321 in S22.

  As shown in FIG. 9, in S22, the display screen G1 is displayed on the display of the output unit 103. The page switching button G11 on the display screen G1 is a button for receiving an operation for switching the display page. When there are a large number of ACL entries, for example, 10 lines are displayed as one page, and the pages for every 10 lines are switched by the page switching button G11. The item G21 is an ACL entry that can be edited. The edit button G13 is a button for accepting an edit instruction such as changing, deleting, or canceling each ACL entry displayed in the item G21. By operating the edit button G13, the DB administrator can edit the ACL entry displayed on the display screen G1. The ACL change information G14 is an updated part of the ACL 22 inserted as a rich text table. The DB administrator confirms the content of the ACL change information G14 and confirms the change in the management master DB 32.

  When editing the ACL entry by operating the edit button G13 on the display screen G1, a display screen for editing the ACL is displayed on the display of the output unit 103. FIG. 10 is a diagram illustrating an example of the display screen G2, more specifically, a diagram illustrating the display screen G2 for editing the ACL.

  As shown in FIG. 10, when editing the ACL entry, the display screen G <b> 2 is displayed on the display of the output unit 103. In the item G21, display according to authority entered in the ACL 22 is performed. This makes it easier for the DB administrator to determine whether appropriate authority is assigned to the user. In the item G22, a result of identifying an employee, an external employee, a test ID, a group company, and the like based on the group ID entered in the ACL 22 is displayed. This makes it easier for the DB administrator to determine the user range. The item G23 displays the personal ID along with the name and affiliation of the Chinese character. This makes it easier for the DB administrator to determine who is the entered user. The DB administrator confirms the above-described items G21, G22, and G23, and performs an editing operation such as correcting the contents that are not properly set to appropriate settings by operating the keyboard or mouse of the input unit 102. The contents edited on the display screen G2 are reflected on the confirmation document displayed in S22, that is, the display screen G1 and the display screen G2.

  Returning to FIG. 8, the description of the operation is continued. Subsequent to S22, the terminal device 1 determines whether or not the approval of the DB administrator is obtained by operating the keyboard or mouse of the input unit 102 (S23). If approval is obtained, the process proceeds to S24, and if approval is not obtained, the process waits.

  In S24, the terminal device 1 notifies the management server 3 of the update result approved in S23, that is, the update of the management master DB 32. The management server 3 updates the management master DB 32 (ACL master 323, ACL name table 324) based on the update result notified from the terminal device 1 (S25), and generates a DB management document 322 (S26). ), Recorded in the management master DB 32. Specifically, in S26, a DB management document 322 that combines the updated ACL master 323 and ACL name table 324 in S25 is generated and recorded in the management master DB 32.

  FIG. 11 shows the data structure of the DB management document 322. As shown in FIG. As shown in FIG. 11, the DB management document 322 is document data including ACL information in which an ACL master 323 that is an update of the management master DB 32 and an ACL name table 324 are combined. In the DB access management system 100, the DB management document 322 is stored in the management master DB 32 in accordance with the approval of the DB administrator, so that a record in which the ACL 22 is confirmed is left. Therefore, the DB access management system 100 does not need to manually write the access right holder and the access range for the change confirmed by the ACL 22 to the table data, etc., and reduces the burden on the DB administrator. Can do.

  Next, the terminal device 1 determines whether or not there has been a change due to the editing operation of the DB administrator or a change due to the setting of the recommended value in S8 (S27). If there is a change (S27: YES), it is necessary to reflect the change in the ACL 22 of the DB server 2, and therefore, the DB server 2 is notified of the changed part due to the editing operation and the recommended value setting (S28). The DB server 2 updates the ACL 22 based on the changed part notified from the terminal device 1 (S29). As a result, the contents changed when the DB editor checks the ACL 22 can be reflected in the ACL 22.

  Note that programs executed in the terminal device 1, the DB server 2, and the management server 3 according to the present embodiment are files in an installable format or an executable format, such as a CD-ROM, a flexible disk (FD), a CD-R, The program is recorded on a computer-readable recording medium such as a DVD (Digital Versatile Disk).

  Further, the program executed by the terminal device 1, the DB server 2, and the management server 3 of the present embodiment is stored on a computer connected to a network such as the Internet and provided by being downloaded via the network. You may do it. Moreover, you may comprise so that the program run with the terminal device 1, DB server 2, and management server 3 of this embodiment may be provided or distributed via networks, such as the internet. Further, the program of this embodiment may be configured to be provided by being incorporated in advance in a ROM or the like.

100 DB access management system 1 Terminal device 2 DB server 3 Management server 4 Communication network 21 DB
22 ACL
31 Attribute information DB
32 Master DB for management
101 communication unit 102 input unit 103 output unit 104 storage unit 105 control unit 321 confirmation document 322 DB management document 323 ACL master 324 ACL name table G1, G2 display screen G11 page switching button G12 ACL entry G13 edit button G14 ACL change information G21 ~ G23 items

JP 2007-257603 A

Claims (6)

An acquisition means for acquiring an access control list related to the database access right stored in the database server;
Storage means for storing the access control list master data separately in an access control list master related to an entry in the access control list and an access control list name table related to a name entered in the access control list;
Detection means for detecting an update of the access control list based on a difference between the master data of the access control list stored in the storage means and the access control list acquired by the acquisition means;
Display means for displaying the detected update amount;
Receiving means for receiving an approval instruction for the displayed update;
In response to the approval instruction, an update unit that updates the master data of the access control list based on the update for which the approval instruction has been issued;
Recording means for recording document data including an update for which the approval instruction has been received, an access right holder and an access range as document data indicating implementation of the access control list;
A database access management system comprising: A setting means for comparing a value included in the detected update with a preset setting value, and setting a preset recommended value to a value outside the setting value;
The display means displays an updated amount set with the recommended value;
The database access management system according to claim 1. The accepting means further accepts an edit instruction for the displayed update prior to accepting the approval instruction,
The display means changes the displayed update according to the editing instruction;
The database access management system according to claim 2. The update unit updates the access control list based on the update for which the approval instruction is issued when the approval instruction is issued for the update for which the recommended value has been set or has been changed by the editing instruction. To do,
The database access management system according to claim 3. An access control list management method in a database access management system,
An acquisition step of acquiring an access control list related to the database access right stored in the database server;
And access control lists master about the entries in the access control list, and master data of the stored the access control list in the storage means divided into access control list name table for said entered in the access control list name and acquisition A detection step of detecting an update of the access control list based on a difference from the access control list;
A display step for displaying the detected update;
A reception step for receiving an approval instruction for the displayed update;
An update step for updating the master data of the access control list based on the update for which the approval instruction has been received, in accordance with the accepted approval instruction;
A recording step of recording, in the storage means, document data including an update for which the approval instruction has been issued, an access right holder, and an access range, as document data indicating implementation of the access control list;
The management method characterized by including. On the computer of the database access management system,
An acquisition step of acquiring an access control list related to the database access right stored in the database server;
And access control lists master about the entries in the access control list, and master data of the stored the access control list in the storage means divided into access control list name table for said entered in the access control list name and acquisition A detection step of detecting an update of the access control list based on a difference from the access control list;
A display step for displaying the detected update;
A reception step for receiving an approval instruction for the displayed update;
An update step for updating the master data of the access control list based on the update for which the approval instruction has been received, in accordance with the accepted approval instruction;
A recording step of recording, in the storage means, document data including an update for which the approval instruction has been issued, an access right holder, and an access range, as document data indicating implementation of the access control list;
A program for running

Images