JPH1131019A - Information processing system, information processing apparatus, and control method therefor - Google Patents

Abstract

(57) [Summary] [Problem] In a system in which an operation range (authority) is set for an account user, the account user can easily change the authority without logging in again using another account. Is possible. An operation / processing unit refers to a set authority range set for an account user who has logged in to the system and executes a process in an allowed operation range. Authority information indicating an authority range that can be set for each user is stored in the privilege / rank correspondence table 101 and the user / rank correspondence table 102. The privilege switching unit 103 allows the logged-in user to change the authority range of the user within the settable authority range indicated by the authority information. That is, the newly designated authority range is set as the set authority range to be referred to in the operation / processing unit 106.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

[0001] 1. Field of the Invention [0002] The present invention relates to an information processing system, an information processing apparatus, and a control method for a computer system having a function of managing an access right for limiting a operable range of a user.

[0002]

2. Description of the Related Art In general, in a computer system, an account is provided for each user for use of the computer itself, access to resources connected via a network, or operation of a specific application program, and an account is provided for each account. Rights (permissions) are set to restrict the types of operations. Such an account system prevents erroneous operation due to negligence and dangerous operation by a malicious user, and protects important data of the system.

For this reason, when a user using a computer system wants to change the authority according to the purpose of work, a method of re-entering another user account having necessary rights and the password and re-login is used. Has been taken.

[0004]

Therefore, in the conventional method, when the user wants to change the privilege, he or she logs in again with another account, so that who logged in with that account is not recorded. For this reason, there has been a problem that an access to an unauthorized system cannot be detected.

[0005] Further, in the above-mentioned conventional method, a common user account is prepared, which is commonly used by a plurality of users. For this reason, the password is known by a plurality of persons, and the password is leaked.

[0006] Further, the user must remember a large number of accounts and their passwords, and the operation of switching privileges has been troublesome.

[0007] The present invention has been made in view of the above problems, and provides an information processing system, an information processing apparatus, and an information processing system that allow a user to easily change the authority without logging in again using another account. An object is to provide a control method thereof.

[0008]

An information processing system according to the present invention for achieving the above object executes processing in a range permitted based on a set authority range set for a user who has logged in to the system. Execution means, storage means for storing authority information indicating an authority range that can be set for each user, and, for the logged-in user, the user within the settable authority range indicated by the authority information. Means for specifying a change in the scope of authority of
Setting means for setting the authority range designated by the designation means as a set authority range in the execution means.

Further, the information processing apparatus of the present invention for achieving the above object stores a set authority range set for a user who has logged in to the system and an authority range which can be set for each user. An information processing device connected as a client device to an information processing system including a server device, wherein the user obtains a setting authority range of the user from the server device, and obtains a setting authority range based on the setting authority range. Executing means for executing a process, obtaining a settable authority range of the user from the server device, and designating means for specifying a change in the user's authority range within the settable authority range; Notifying means for notifying the authority range specified by the specifying means as the setting authority range of the user of the server-side device so as to be the setting authority range in the execution means Equipped with a.

According to another aspect of the present invention, there is provided an information processing apparatus comprising: a first notifying unit for notifying a set authority range set for a user who has logged in to a system; A storage unit for storing authority information indicating a settable authority range, a second notifying unit for notifying the settable authority range of the user to be used for changing the authority range of the logged-in user, Updating means for updating the set authority range notified by the first notification means based on an update notification of the authority range from the user.

Further, according to the present invention, there is provided a control method for realizing the configuration of the information processing system and the information processing apparatus.

[0012]

Preferred embodiments of the present invention will be described below with reference to the accompanying drawings.

[First Embodiment] A software fault management system will be described below as one embodiment of the present invention. Note that a failure in the software failure management system indicates a complaint or a bug in the software product. In the system according to this example, the failure information is shared between the evaluation department and the design department. Then, the evaluation section inputs the fault information, the design section answers the fault, and digitizes the fault information.

FIG. 1 is a block diagram showing the configuration of the system according to the first embodiment. This system is a client-server system, in which client machines are arranged in an evaluation department and a design department, and access is made to a common server machine.

[0015] 1 on the software management system
The flow of the failure information is as follows. First, a trouble ticket is input in the evaluation section, the trouble sheet is issued, the leader of the evaluation section examines and sends it to the design section. The design department responds to the sent fault information.

The failure information is stored in a database (hereinafter, DB) on the hard disk 201 of the server machine in FIG. Further, as shown in FIG. 1, client machines are prepared in an evaluation department and a design department.

On the client side of this system, a failure list window, a failure information input window, a failure information search window, and the like can be used. In the trouble list window, the trouble information can be referred to, in the trouble information input window, a trouble ticket can be input, and in the trouble information search window, trouble information can be searched.

The client program of this system is as follows:
From the hard disk 205 on the client side to the memory 20
2 is executed by the CPU 203. Input of information and display of a window are performed on the display 204. In the present embodiment, the access right of the user of the evaluation section in the fault management system will be described with reference to the block diagram of FIG. 2 as an example.

FIG. 2 is a block diagram illustrating a basic functional configuration of the computer system according to the embodiment of the present invention.

Reference numeral 101 denotes a privilege / rank correspondence table in which operations and processes for the system are classified into several ranks from the viewpoint of the respective risks and importances. Reference numeral 102 denotes a user rank correspondence table in which, for each user, a plurality of ranks usable by the user and a default valid rank are registered. A privilege switching unit 103 switches the privileges of the user as necessary.

First, when the user starts using the system, the login setting unit 104 requests the user's account name and password. When the user is specified by the user's account name and password, a default rank of the user is searched from the user rank correspondence table 102, and a current rank storage table for storing the rank currently set for the user at the present time. Register at 105. In the current rank storage table 105,
The current rank for each user is registered.

Processing based on actual user operations and user requests (for example, database search / update) is performed by the operation / processing unit 106. The operation / processing unit 106 obtains the rank currently used by the user from the current rank storage table 105 for all user operations / processes requiring the user's authority check, and obtains the privilege / rank for the rank. It is checked whether or not the privilege executable by the user obtained from the correspondence table 101 and the operation / process by the user are collated and executed.

When it is necessary to change the current privilege (authority) of the user, the privilege switching unit 103 searches the user rank correspondence table 102 for a rank that can be given to the user, and obtains the obtained rank. The contents of the current rank storage table 105 are updated with one of the (selected) ranks.

The privilege / rank correspondence table 101
Can be omitted when there are few types of privileges to be determined. For example, in a certain system, if it is sufficient to check the user's authority based only on the three types of privileges of use prohibition / search only / updatable, the privilege itself may be regarded as the rank described above.

The details will be described below. First, considering each block shown in FIG. 2 according to the configuration diagram of FIG. 1, the privilege rank correspondence table 101 and the user rank correspondence table 102 as failure management information are stored in the DB 201 of the server machine in FIG. Rank storage table 10
5 is placed. The client program on the hard disk 205 of the client machine in FIG. 1 includes a privilege switching unit 103, a login setting unit 104, and an operation / processing unit 106.

FIG. 3 is a diagram showing an example of the privilege / rank correspondence table 101. As shown in the figure, the privilege rank correspondence table 101 configures a plurality of types of combinations (hereinafter, groups) for a plurality of operations that can be performed by the evaluation department of the software fault management system, and ranks each group. Further, it is a correspondence table between privileges and ranks. In this figure, privileges include reference, input, issuance, change, deletion, examination, and transmission, and ranks a to d are prepared. The operation checked for each rank is a valid operation for that rank. For example, in rank c,
Input, issue, and change are valid operations.

FIG. 4 shows a user rank correspondence table 102.
It is a figure showing an example of. The system administrator stores the user who uses the system in the user rank correspondence table 102.
Register with. In other words, the system administrator
The user rank in 201, its user code, and a plurality of ranks to be given to the user are registered in the user rank correspondence table 102.

In FIG. 4, seven users A to G are registered as users. Each of these seven users is assigned a default rank used when the user logs in and a rank that can be switched by the user during system access. For example, user A is assigned rank a as a default rank, and rank b is a switchable rank.

The following describes an example in which the user B logs in and operates the failure management system. FIG. 5 is a flowchart illustrating the privilege switching control according to the first embodiment. FIG. 6 shows an example of a login window displayed on the display of the client machine at the time of login. FIG. 7 is a diagram showing a display example of a main window by the fault management system. FIG. 8 is a diagram showing a display example of a failure information window by the failure management system of the present embodiment. FIG. 9 is a diagram showing a display example of a privilege change window.

First, when the client program is started, the login setting unit 104 shown in FIG. 1 changes the login window shown in FIG. 6 to the display 204 shown in FIG.
(Step S11). The user B inputs a user name and a password from the displayed login window to log in to the fault management system (step S12). At this time, the login setting unit 104 in FIG. 1 updates the current rank storage table 105 in FIG. 1 and stores the operation (login) time and rank of the user B (step S13). Note that the rank of the user B at this time is a default rank, and becomes the b rank from the user rank correspondence table 102 in FIG. Therefore, in step S13, the current rank storage table 1
05 stores the rank b.

In step S15, the operation range is limited by the current rank stored in the current rank storage table. That is, referring to the privilege / rank correspondence table 101 as shown in FIG. 3, the operation range in which the b rank is possible, “reference, input, issuance, change, deletion,
“Examination” is recognized, and these operations are permitted to the user B.

When logging in, the client system causes the operation / processing unit 106 to display a main window as shown in FIG. From this state, for example, when inputting fault information, the fault information input window 60 is displayed.
2 is selected to open a fault information input window shown in FIG. 8 and a fault is input. When the input of the trouble information is completed, the issue button 701 in FIG. 8 is pressed to issue a trouble ticket. At this time, the client program refers to the privilege rank correspondence table 101 and the current rank storage table 105, and permits the “issuance” operation. Similarly, the examiner presses the examination button 702 to examine the trouble slip.

Next, in order to send a trouble slip to the design department, it is necessary to send the trouble sheet by using a "send" button 703. However, the user is required to send the trouble sheet to the privilege / rank correspondence table 101 and the current rank storage table 105 created upon login. The sending operation is not permitted with the privilege of rank b of B, and the fault information cannot be sent to the evaluation section as it is.

For example, in a situation where only the user A who is the leader of the evaluation section performs the sending operation, on this day, because the user A is on vacation, the trouble section is not sent to the design section. It is assumed that the situation cannot be performed. In such a case, an operation in the case where the user B sends a trouble slip as a substitute for the user A will be described.

The processing executed in this case is performed by the privilege switching unit 103. The user B presses the rank button 703 in the failure information input window, and causes the privilege switching program 103 to open a privilege change window as shown in FIG. 9 (steps S16 and S17).

In the privilege change window, the contents of FIG. 3 are displayed by the privilege list button 801. With reference to this, the rank which can be operated, the operation content, and the like are confirmed, and the rank is switched by the privilege switch button 802. The window 803 opened from the privilege switching button displays only the privileges that can be switched by the user B with reference to the user rank correspondence table 102.

In this example, since the user B switches from rank b to rank a, the user B checks the rank a in the window 803. Then, the display 804 of the rank column
Is changed to a. After confirming this, change button 805 is displayed.
To complete the setting of privilege switching (step S
18). If the user wants to cancel the rank change, before pressing the change button, the cancel button 80 is pressed.
You just need to press 6. However, the processing at the time of cancellation is omitted in the flowchart of FIG. Through the above operation, the user B can switch the privilege to the rank a. Then, the current rank storage table is newly updated to store the set rank and the switching time (step S13), and the operation is restricted according to the new rank a (step S15).

FIG. 10 shows an example of the current rank storage table. In this figure, a rank change history is also held at the same time as the user's current rank, and the user's operation, the operation time, and the history of the rank at that time are stored. For example, at the time of login at 7:00, the user A has the rank a of the default rank, but has the
The rank is switched to rank b at 0 and rank a at 8:50. Further, the user B is updated by switching to the rank a. Note that the current user rank can be obtained by searching the current rank storage table 105 for the latest one or the user's rank at the current time.

Further, the rank switching status of the user B is displayed by the rank information button 705 of the failure information input window shown in FIG. 8, as shown in FIG. This content is displayed with reference to the current rank storage table 105 shown in FIG.

As described above, the user B, whose privilege rank has been switched to the rank a, uses the privilege / rank correspondence table 101 and the updated current rank storage table 105 shown in FIG. Can be performed.

There is also a method of automatically displaying a privilege change window and requesting the user to switch privileges when an operation that cannot be performed due to user privileges is performed.

Since the default rank of the user B is b in the user rank correspondence table of FIG. 4, it cannot be sent with the default rank b in the privilege / rank correspondence table of FIG. 3, but in this state, the failure of FIG. When a send information window 703 is pressed, a privilege change window and a rank window 803 shown in FIG. 9 are displayed. The user B checks the rank a in the rank window 803, presses the execution button 701 in the privilege change window, and switches the rank. In this case, in the flowchart shown in FIG. 5, the content of the determination in step S16 may be set to "is the operation instruction in the operable range at the current rank?"

In the above example, a button for an operation without a right can also be pressed in the failure information window shown in FIG. 8, but when the current rank storage table 105 is updated, the privilege rank correspondence table 101 is referred to. Moreover, it is easy to press only the operation buttons (operable buttons) for which the user has the right. In this case, for example, since the user B has the rank b at the time of login, it can be confirmed that the operation of “send” cannot be performed in the privilege / rank correspondence table 101 when the current rank storage table 105 is updated at the time of login. Therefore, when the trouble information window of FIG. 8 is opened in this state, the send button 703 cannot be pressed.

In the above description, security is managed by discriminating the current user rank on the client side and restricting the user operation or setting an error when the user performs the operation. However, it goes without saying that such a check of the user privilege based on the current user rank can be performed on the server program side or in both the client and server programs.

Further, in the above description, an example in the section for issuing trouble information (evaluation section) has been described. However, the same must be naturally performed for the section for responding to trouble information (design section). For this purpose, a table similar to that shown in FIG. 3 is provided for the design department, and the privileges (answer input, response examination, response sending, etc.) in the design department are set in the privilege column of this table, and based on that, What is necessary is just to make a judgment.

In the above-described fault management system, when a plurality of evaluation departments and a design department share a DB, each user issues / examines only the fault information to which the evaluation department to which the user belongs belongs. Etc., and input the answer only to those whose answer is the design department to which they belong,
Authority such as answer examination should be given.

For this purpose, the above-mentioned user rank correspondence table may be set for each management target for setting authority. That is, a table for separately holding the department to which the user belongs is prepared for each user, and the rank for each user belonging to the department is set in the user rank correspondence table 102 shown in FIG. For, rank is set uniformly.

In other words, if it is considered that this section should not allow users in other sections to refer to information, the last line in FIG. 4 is set to “permit nothing to other users”. If so, set so.

The user rank correspondence table can be configured in a hierarchical manner. For example, dangerous work such as "delete" is usually assigned only to a specific system administrator. However, if a user rank correspondence table is provided for each management target as described above, many tables must be set. There is. In order to avoid this, a single user rank correspondence table is provided as the entire default, and if there is no entry in the user rank correspondence table provided for each management target, the user rank is determined from the default table. In the default table, only certain system administrators have the highest privileged rank, and other users have the least privileged rank.

A plurality of privilege / rank correspondence tables 101 shown in FIGS. 2 and 3 can be provided. For example, this table is held for each operation window, and the execution right of various operation buttons in the window and the input right for input items are set in the privilege column of FIG. 3, and the window is configured according to the current user rank. I do. The states of the operation buttons and input items are controlled, and when the user rank is changed, the states of the operation buttons and input items are controlled again according to the rank.

The simplest method for this is to hold a bit pattern for each operation button or input item of the window. This bit pattern indicates that setting a bit corresponding to a rank gives permission to use the rank. If the value of the bit corresponding to the current user rank is viewed, execution of an operation button or input to an input item is performed. Can be determined immediately.

As described above, according to the first embodiment, in a computer system or a specific application program, a plurality of rights that can be granted to a user for an account provided for the user provided therein. The level (rank) and one of them are set and retained as the default privilege level of the user, and the user is permitted to perform the operation with the default privilege level for the normal operation of the user. , The authority for the user is changed from the plurality of authority levels assigned to the user to the selected authority level, and the operation of the user can be restricted based on the changed authority level.

Therefore, in one login operation,
That is, the operability is improved because the privilege rank for restricting the operation range can be switched without changing the user identifier. Further, since the registration and switching of the user's access right can be performed with the user's own user account, the necessity of re-login is eliminated, and a plurality of users do not need to know a common password, thereby improving security.

[Second Embodiment] Next, a second embodiment will be described. FIG. 12 is a diagram showing an example of an operation / user correspondence table representing the contents of possible operations of each user according to the second embodiment. FIG. 13 is a diagram illustrating a display example of a selection window by the privilege switching unit 103 according to the second embodiment.

In the above-described first embodiment, as shown in FIG. 3 and FIG. 4, a method having two pieces of information using a rank as a key has been described. In the second embodiment, however, a method shown in FIG. The operation / operation that has a direct correspondence between the operation that can be executed by default for each user and the operation that can be executed by selection
Use the user correspondence table. Then, in the selection window (privilege change screen) in FIG. 13, necessary privileges are checked and made effective. Thereby, a plurality of functions can be selected at the same time.

In the operation / user correspondence table shown in FIG.
An operation (*) that can be performed by default for three users 1 to 3 and a selectable operation (ユ ー ザ) are registered.
Taking an example of the user 1 and the user 2, as shown in FIG. 12, the user 1 can perform operations of reference, input, issuance, change, and delete by default, and can perform operations of examination and transmission by switching privileges. . In the case of the user 2, by default, reference, input, issuance, and change are possible, and deletion can be made effective by switching privileges. It should be noted that, as shown in the selection window (privilege change screen) of the user 2 in FIG. 14, the items that cannot be switched cannot be checked.

If user 1 wants to validate the examination,
This is realized by checking the examination on the privilege change screen of FIG. 13 and pressing the execution button 1101. in this case,
In step S13 of FIG. 5, the current rank storage table 105 is updated with the operation contents that are valid in the selection window, and the restriction on the operation range is changed by the same control as in the first embodiment.

[Third Embodiment] In the third embodiment,
To switch the privileges of the user, a method is used in which the privileges of other users are used as substitutes while the user ID remains unchanged. In the third embodiment, as shown in FIG. 15, a proxy registration table that stores a default rank and a user name that can be used as a proxy for each user is used.

For example, the user D has d rank by default, but the user B is described in the proxy column, so that the user B can switch to the default privilege b rank and use it.

From the privilege / rank table shown in FIG.
Examination cannot be performed with the default rank d rank of the user D. However, by switching to the privilege (rank b) of the user B on behalf of the user B, the user D can perform the examination. You can press it.

Although the proxy column in FIG. 15 may be set by the system administrator, it is desirable that the user who becomes the value of the proxy column can be set for other users. . That is, when the user B is absent for a long period of time, the user B can designate the user A as his / her proxy by registering the proxy column for the user A with himself / herself, that is, the user B.

In order to manage operations performed on behalf of another user in this way, it is desirable to record the rank change history illustrated in FIG. 10 together with who has been changed. Therefore, in the third embodiment, FIG.
In step S13, the default rank (operable range) of the user designated as a proxy is obtained by referring to the user rank correspondence table 102, and the obtained rank (operable range) is displayed together with the change time. It will be registered in the current rank storage table 105.

In the case where the examiner or the like is output in a window display or an output form in this system, not the actual executor (user B in this example) but the original authority (user A in this example) There is also a method of outputting information indicating that the user B who actually performed the operation performed the operation on behalf of the user A.

[Fourth Embodiment] In the first embodiment,
Switching of the privilege rank requires a user's instruction operation on the privilege switching unit 103. Therefore, when returning the rank to the default, the rank switching button 704 of the failure information window of FIG. 8 is pressed again, and the rank is switched in the privilege change window of FIG. On the other hand, in the fourth embodiment, a method is adopted in which the system administrator sets a time in advance on the system side, and automatically returns to the default rank when the time comes. Further, in this method, it is also possible to configure so that the user can set the time until returning to the default in the time change window.

It is also possible to configure so that the rank is returned to the default if no operation is performed for a certain time after switching the rank. In this case, the system administrator sets the time in advance, and if no operation is performed for the set time, the rank of the user is returned to the default.

Further, after switching the rank, the rank can be returned to the default every one operation. For example, in the first embodiment, the rank is changed to "a" and the transmission is performed after that, but immediately after that, the rank is automatically returned to the default "b". Alternatively, when a function cannot be executed by only one operation, the current rank is similarly returned to the default by an operation that completes these operation groups (for example, pressing a “Done” button). Good.

Even if the present invention is applied to a system composed of a plurality of devices (for example, a host computer, an interface device, a reader, a printer, and the like), an apparatus (for example, a copying machine, a facsimile, etc.) comprising one device Device).

An object of the present invention is to provide a storage medium storing a program code of software for realizing the functions of the above-described embodiments to a system or an apparatus, and to provide a computer (or CPU) of the system or apparatus.
And MPU) read and execute the program code stored in the storage medium.

In this case, the program code itself read from the storage medium realizes the functions of the above-described embodiment, and the storage medium storing the program code constitutes the present invention.

As a storage medium for supplying the program code, for example, a floppy disk, hard disk, optical disk, magneto-optical disk, CD-ROM, CD
-R, a magnetic tape, a nonvolatile memory card, a ROM, or the like can be used.

When the computer executes the readout program code, not only the functions of the above-described embodiment are realized, but also the OS (Operating System) running on the computer based on the instruction of the program code. ) May perform some or all of the actual processing, and the processing may realize the functions of the above-described embodiments.

Further, after the program code read from the storage medium is written into a memory provided in a function expansion board inserted into the computer or a function expansion unit connected to the computer, based on the instructions of the program code, It goes without saying that the CPU included in the function expansion board or the function expansion unit performs part or all of the actual processing, and the processing realizes the functions of the above-described embodiments.

[0073]

As described above, according to the present invention, in a system in which an operation range (authority) is set for an account user, the user can easily log in again without using another account. The authority can be changed.

[0074]

[Brief description of the drawings]

FIG. 1 is a block diagram illustrating a configuration of a system according to a first embodiment.

FIG. 2 is a block diagram illustrating a basic functional configuration of a computer system according to the embodiment of the present invention.

FIG. 3 is a diagram illustrating an example of a privilege / rank correspondence table 101;

FIG. 4 is a diagram showing an example of a user rank correspondence table 102.

FIG. 5 is a flowchart illustrating privilege switching control according to the first embodiment.

FIG. 6 is a diagram illustrating an example of a login window displayed on a display of a client machine at the time of login.

FIG. 7 is a diagram showing a display example of a main window by the fault management system.

FIG. 8 is a diagram showing a display example of a failure information window by the failure management system of the embodiment.

FIG. 9 is a diagram illustrating a display example of a privilege change window.

FIG. 10 is a diagram illustrating an example of a current rank storage table.

FIG. 11 is a diagram showing an example of a status display of rank switching.

FIG. 12 is a diagram illustrating an example of an operation / user correspondence table indicating the contents of possible operations of each user according to the second embodiment.

FIG. 13 is a diagram illustrating a display example of a selection window by a privilege switching unit according to the second embodiment.

FIG. 14 is a diagram illustrating a display example of a selection window by a privilege switching unit according to the second embodiment.

FIG. 15 is a diagram illustrating an example of a proxy registration table that stores a default rank and a user name that can be used as a proxy for each user.

 ──────────────────────────────────────────────────続 き Continued on the front page (72) Inventor Hideharu Hachimoto 3- 30-2 Shimomaruko, Ota-ku, Tokyo Inside Canon Inc. (72) Inventor Masahiko Shirai 3-30-2 Shimomaruko, Ota-ku, Tokyo Non Corporation

Claims (18)

[Claims] 1. An execution means for executing a process in a range permitted based on a set authority range set for a user who has logged in to a system, and authority information indicating an authority range that can be set for each user. Storage means for storing, for the logged-in user, designating means for designating a change in the user's authority range within a settable authority range indicated by the authority information, and authority designated by the designation means An information processing system comprising: a setting unit that sets a range as a setting authority range in the execution unit. 2. The information processing system according to claim 1, wherein the designation unit further includes a display unit that displays a settable authority range indicated by the authority information for the logged-in user. 3. The information according to claim 1, further comprising a rank table in which each of a plurality of authority ranks is associated with an executable operation item, wherein the authority range is represented by an authority rank. Processing system. 4. The information processing system according to claim 1, further comprising storage means for storing history information relating to setting of an authority range by said setting means. 5. The information processing system according to claim 4, further comprising display means for performing display based on history information stored by said storage means. 6. The information processing system according to claim 1, wherein the designation unit is activated when an operation outside the set authority range is instructed. 7. The information according to claim 1, wherein the authority information for each user stored in the storage unit includes a default authority range for the corresponding user and an authority range after switching. Processing system. 8. The authority information holds, for each user, information indicating a default authority range and another user name indicating an authority range after switching, and the specifying unit determines whether or not to switch the authority range. The setting means acquires a default authority range from the authority information of the storage means with respect to another user name designated by the designation means, and acquires the authority range of the user with the acquired authority range. The information processing system according to claim 1, wherein: 9. The setting unit automatically returns the authority range of the user to a default authority range after a lapse of a predetermined time after setting the authority range specified by the specifying unit as the set authority range. The information processing system according to claim 1, wherein: 10. The setting means sets the authority range designated by the designation means as the set authority range, and if no operation is performed for a predetermined time, sets the authority range of the user to a default authority. 2. The information processing system according to claim 1, wherein the information is automatically returned to a range. 11. The setting means sets the authority range designated by the previous term designation means as the set authority range, and after one operation is completed, automatically changes the authority range of the user to a default authority range. The information processing system according to claim 1, wherein the information processing system is returned to. 12. A client device connected to an information processing system including a server device that stores a set authority range set for a user who has logged in to the system and an authority range that can be set for each user. An execution unit that obtains a setting authority range of the user from the server device and executes a process in a range permitted based on the setting authority range; A setting unit for acquiring a settable authority range, and specifying a change in the user's authority range within the settable authority range; and specifying the authority range specified by the specifying unit in the execution unit. An information processing apparatus comprising: a notifying unit for notifying a setting authority range of the user of the server-side device to set the setting authority range. 13. A first notifying unit for notifying a set authority range set for a user who has logged in to the system; a storing unit for storing authority information indicating an authority range that can be set for each user; A second notifying unit for notifying the settable authority range of the user to be used for changing the authority range of the logged-in user; and the first notifying unit based on an authority range update notification from the logged-in user. An information processing apparatus comprising: updating means for updating a setting authority range notified by a user. 14. An execution step of executing a process within a range permitted based on a set authority range set for a user who has logged in to the system, and authority information indicating an authority range that can be set for each user. A storage step of storing in a memory, for the logged-in user, within a settable permission range indicated by the permission information, a designation step of designating a change in the permission range of the user; A setting step of setting the set authority range as the set authority range in the execution step. 15. A client device connected to an information processing system including a server device that stores a set authority range set for a user who has logged in to the system and an authority range that can be set for each user. A control method for an information processing apparatus, comprising: obtaining a setting authority range of the user from the server device, and executing a process in a range permitted based on the setting authority range; Obtaining a settable authority range of the user from within the settable authority range, a designation step of designating a change of the user's authority range, and the authority range designated in the designation step, A notifying step of notifying a setting authority range of the user of the server-side device to set the setting authority range in the execution step. Control method. 16. A storage unit for storing authority information indicating an authority range that can be set for each user,
A method for controlling an information processing device communicably connected to another information processing device, comprising: a first notification step of notifying a set authority range set for a user who has logged in to the system; and an authority range of the logged-in user. A second notification step of obtaining the settable authority range of the user from the authority information stored in the storage unit and notifying the user of the change, and an update notification of the authority range from the logged-in user. And updating the set authority range notified by the first notification unit based on the first notification means. 17. A client device connected to an information processing system including a server device that stores a set authority range set for a user who has logged in to the system and an authority range that can be set for each user. A computer-readable memory storing a control program for controlling an operation range of an information processing device to be set, wherein the control program obtains a setting authority range of the user from the server device and permits the user based on the setting authority range. Code of an execution step for executing the processing in the set range, and a settable authority range of the user from the server device, and changing the user's authority range within the settable authority range. The code of the designated step to be designated and the authority range designated in the designated step are set to the service A code for a notifying step of notifying the user of the device on the server side as a set authority range of the computer. 18. A storage unit for storing authority information indicating an authority range that can be set for each user,
An information processing device communicably connected to another information processing device, wherein the computer readable memory stores a control program for controlling an operation range of the other information processing device, the setting being performed for a user who has logged in to the system. A code of a first notification step of notifying the set authority range, and an authority range that can be set by the user to be used for changing the authority range of the logged-in user are obtained from the authority information stored in the storage unit. And a code of an update step of updating the set authority range notified by the first notification means based on an update notice of the authority range from the logged-in user. A computer readable memory characterized by the following.