JP2013030022A - Information processing system, management device, and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a system capable of reducing the cost of constructing the system and transferring authority.SOLUTION: A user management server 2 includes a transfer management unit 20d and a request acceptance unit 20a. The transfer management unit 20d manages transfer information enabling identification of use authority of an image forming device 3 to be transferred to a user registered in association with user ID of a user of a transfer source having the use authority of the image forming device 3. When the server receives an authority adding request that requests addition of the use authority of the image forming device 3 to the user to whom the authority is to be transferred from the image forming device 3, the request acceptance unit 20a obtains transfer information corresponding to user ID of the user who is to transfer the authority from the transfer management unit 20d on the basis of information enabling identification of the user, included in the authority adding request, to whom the authority is to be transferred, and transmits the information to the image forming device 3.

Description

  Embodiments described herein relate generally to an information processing system, a management apparatus, and a program.

  Conventionally, in an image forming apparatus such as a multi-function peripheral (MFP), functions that can be used for each user (copy function, scanner function, FAX function, printing function, etc.) are set by setting the authority to use for each user. And the usage amount (upper limit number of color printing, upper limit number of monochrome printing, etc.) can be limited.

  Conventionally, when the first user wants to use a function that cannot be used with the authority set for the first user, the first user has the authority of the function (that is, the authority to permit the use of the function is given). There is known an authority delegation system that allows a second user to temporarily delegate authority to allow the first user to use a function that could not be used (for example, , See Patent Document 1).

  However, the above-described conventional authority delegation system requires a dedicated recording medium (delegation card) for performing authority delegation in order to delegate the authority of a user to another user (authority delegation). There was a problem that the construction costed.

  Accordingly, the present invention is to solve the above-described conventional problems, and an object thereof is to provide an information processing system, a management device, and a program capable of delegating authority while reducing the cost of system construction. To do.

  In order to solve the above-described problems and achieve the object, the management apparatus of the present invention delegates to another user registered in association with the identification information of the delegation source user who has authority to use the information processing apparatus Delegation management means for managing delegation information that can specify the authority to use the information processing apparatus, and an authority addition request that requests addition of the authority to use the information processing apparatus to the other user from the information processing apparatus If received, the delegation management unit acquires the delegation information of the user delegating the authority based on information that can identify the user delegating the authority included in the authority addition request and transmits the information to the information processing apparatus Request receiving means.

  ADVANTAGE OF THE INVENTION According to this invention, the information processing system which can delegate authority, reducing the cost of system construction can be provided.

FIG. 1 is a block diagram illustrating a schematic configuration of an information processing system according to the present embodiment. FIG. 2 is a block diagram illustrating a hardware configuration of a control system of the user management server and the client terminal device. FIG. 3 is a block diagram illustrating a hardware configuration of the image forming apparatus. FIG. 4 is a block diagram for explaining a software configuration of the image forming apparatus. FIG. 5 is a block diagram showing a specific functional configuration in the image forming apparatus of the present embodiment. FIG. 6 is a block diagram showing a specific functional configuration in the user management server of the present embodiment. FIG. 7 is a schematic diagram illustrating a configuration example of an authentication information registration table managed by the authentication unit. FIG. 8 is a schematic diagram illustrating a configuration example of an authority information registration table managed by the authority management unit. FIG. 9 is a schematic diagram illustrating a configuration example of a delegation information registration table managed by the delegation management unit. FIG. 10 is a sequence diagram for explaining a processing procedure between the image forming apparatus and the user management server in the information processing system. FIG. 11 is a schematic diagram illustrating a configuration example of a screen displayed on the operation display unit. FIG. 12 is a schematic diagram illustrating a change in the authority of the user U1 after the authority is transferred by the user U2. FIG. 13 is a flowchart showing the procedure of the processing operation of the user management server. FIG. 14 is a block diagram illustrating a configuration of an information processing system according to the second embodiment. FIG. 15 is a block diagram illustrating a specific functional configuration of the print server according to the present embodiment. FIG. 16 is a sequence diagram for explaining a processing procedure among the image forming apparatus, the user management server, and the print server in the information processing system according to the second embodiment. FIG. 17 is a schematic diagram illustrating a configuration example of a screen when printing from a print server by pull printing. FIG. 18 is a diagram illustrating a configuration example of the authority delegation setting screen displayed on the client terminal device. FIG. 19 is a block diagram illustrating a modification example of a specific functional configuration in the image forming apparatus illustrated in FIG. 5. FIG. 20 is a diagram illustrating a configuration example of the contents displayed on the operation display unit when the valid period for which authority is delegated is one job. FIG. 21 is a schematic diagram illustrating a modified example of the authentication information registration table managed by the authentication unit. FIG. 22 is a schematic diagram illustrating a modification of the authentication information registration table managed by the authentication unit. FIG. 23 is a schematic diagram illustrating a modified example of the delegation information registration table managed by the delegation management unit. FIG. 24 is a flowchart showing a modification of the processing procedure of FIG.

  Embodiments of the present invention will be described below with reference to the accompanying drawings.

(First embodiment)
First, the configuration of the information processing system 1 according to the first embodiment will be described with reference to FIG.

  FIG. 1 is a block diagram showing a schematic configuration of an information processing system 1 according to the present embodiment.

  As shown in FIG. 1, in this information processing system 1, a user management server 2, a plurality of image forming apparatuses 3 (three in the example of FIG. 1), and a plurality of client terminal apparatuses 4 (in the example of FIG. 1). Are connected to each other via a network N such as a LAN (Local Area Network).

  The user management server 2 is a device that stores and manages various types of information related to users. In the present embodiment, the user management server 2 is set for each authorized user who is permitted to use the image forming apparatus 3 (a person who has a valid use authority). Various information (details will be described in detail, but authentication information for authenticating authorized users, authority information indicating the authority of authorized users, and authority for authorized users to delegate to other authorized users) For example, delegation information).

  The image forming apparatus 3 is an image forming apparatus capable of forming (printing) an image on a recording medium such as recording paper. For example, the image forming apparatus 3 has a copy function, a scanner function, a facsimile (FAX) function, and a printer (printing) function. And a multifunction device (MFP).

  In the present embodiment, the image forming apparatus 3 can use functions (copy function, scanner function, FAX function, printing function, etc.) and usage amount (usually) for each user based on authority information and delegation information set for each user. The upper limit number of color printing, the upper limit number of monochrome printing, and the like can be limited.

  The client terminal device 4 is a terminal device used by a user, and includes a personal computer (PC) or a portable information terminal.

  In the present embodiment, the client terminal device 4 is used for setting delegation information (see FIG. 9) described later.

  Next, the hardware configuration of the user management server 2, the image forming apparatus 3, and the client terminal apparatus 4 constituting the information processing system 1 will be described with reference to FIGS.

  FIG. 2 is a block diagram illustrating a hardware configuration of a control system of the user management server 2 and the client terminal device 4.

  As shown in FIG. 2, the user management server 2 and the client terminal device 4 have a hardware configuration using a general computer such as a PC. For example, the control unit 21, the communication I / F 22, And an I / O device control unit 23, which are connected by a bus B1.

  The controller 21 includes, for example, a CPU (Central Processing Unit), a ROM (Read Only Memory), a RAM (Random Access Memory), and the like.

  In addition, the control unit 21 includes an operation device (for example, a keyboard and a mouse) 24, a display device (for example, a liquid crystal display) 25, and an external storage device (for example, a liquid crystal display) via the bus B1 and the I / O device control unit 23. A hard disk device (HDD: Hard Disk Drive), an SSD (Solid State Drive), and the like 26 are connected.

  In other words, the control unit 21 allows the CPU connected to the device connected via the I / O device control unit 23 by executing a control program stored in the ROM, the external storage device 26, etc. on the RAM. In addition to controlling the operation, it controls the operation of transmitting / receiving various data to / from other devices (such as the user management server 2) connected via the communication I / F 22 and the network N.

  FIG. 3 is a block diagram illustrating a hardware configuration of the image forming apparatus 3.

  As shown in FIG. 3, the image forming apparatus 3 is roughly divided into a controller 31, an operation display unit (operation panel) 32, a facsimile control unit (FCU) 33, an image reading unit 34, and an image forming unit 35. And.

  The controller 31 controls the entire image forming apparatus 3, that is, various processes such as a drawing process, a communication process, and an operation input and display process for the operation display unit 32.

  In the example of FIG. 3, the controller 31 includes a CPU 301, an ASIC 302, a north bridge (NB) 303, a south bridge (SB) 304, a system memory (MEM-P) 305, and a local memory (MEM-C) 306. A hard disk drive (HDD) 307, a memory card slot 308, a network interface controller (NIC) 309, a USB device 310, an IEEE 1394 device 311, and a Centronics device 312.

  Here, the CPU 301 is an IC for executing various types of information processing, and executes the application 101 and the platform 102 (see FIG. 4) in parallel on a process basis by an OS such as UNIX (registered trademark).

  The ASIC 302 is an image processing IC. The NB 303 is a bridge for connecting the CPU 301 and the ASIC 302. The SB 304 is a bridge for connecting the NB 303 and peripheral devices. The ASIC 302 and the NB 303 are connected via an AGP (Accelerated Graphics Port).

  The MEM-P 305 is a memory connected to the NB 303. The MEM-C 306 is a memory connected to the ASIC 302. The HDD 307 is a storage connected to the ASIC 302 and is used for storing image data, document data, programs, font data, form data, and the like. The memory card slot 308 is a slot connected to the SB 304 and is used for setting (inserting) the memory card 313.

  The NIC 309 is a controller for performing data communication using a MAC address or the like via the network N or the like. The USB interface 310 is an interface for providing a serial port compliant with the USB standard. The IEEE 1394 interface 311 is an interface for providing a serial port compliant with the IEEE 1394 standard. The Centronics interface 312 is an interface for providing a parallel port compliant with the Centronics specification.

  The NIC 309, USB interface 310, IEEE 1394 interface 311 and Centronics interface 312 are connected to the NB 303 and the SB 304 via a PCI (Peripheral Component Interconnect) bus.

  The operation display unit 32 is a user interface for displaying operation methods for using various functions of the image forming apparatus 3 and receiving operation inputs from the user. The operation display unit 32 is connected to the ASIC 302.

  The FCU 33 is a unit that controls facsimile communication such as G3.

  The image reading unit 34 is a unit that reads an image, and is configured as a scanner, for example, and reads an image of a document set on a document table.

  The image forming unit 35 is a unit for forming an image on a recording medium based on image data obtained by reading by the image reading unit 34, and is configured by employing, for example, an electrophotographic method.

  The FCU 33, the image reading unit 34, and the image forming unit 35 are connected to the ASIC 302 via the PCI bus.

  Next, software configurations of the image forming apparatus 3 and the user management server 2 will be described with reference to FIGS.

  FIG. 4 is a block diagram for explaining a software configuration of the image forming apparatus 3.

  As shown in FIG. 4, as the software 100 of the image forming apparatus 3, there are various application groups 101 and various platforms 102. These programs are executed in parallel on a process basis by an OS (Operating System) such as UNIX (registered trademark).

  The application group 101 is software for executing a processing operation related to each function.

  In the example of FIG. 4, the application group 101 includes a copy application 103 that is software for executing a processing operation related to a copy function, a printer application 104 that is software for executing a processing operation related to a printer function, and a scanner. Scanner application 105, which is software for executing processing operations related to functions, facsimile application 106, which is software for executing processing operations related to facsimile functions, and software for executing processing operations related to network file functions Is a software developed using a network file application 107 and a software development kit (SDK: Software Development Kit), and is an application that is typically installed in the image forming apparatus 3 Apart from (for example, the applications indicated by reference numerals 103 to 107), an SDK application 108, which is software that can be installed or uninstalled as appropriate, is provided. In the present embodiment, the application is simply expressed as an application both in the description and in the drawings.

  The platform 102 is hardware or software for executing information processing related to a processing request from the application group 101. The platform 102 uses an application program interface (API) 109 that receives a processing request using a predefined function for receiving a processing request from the application group 101, and an engine interface for implementing the request content. 110 is used.

  The platform 102 includes various control services 111, a system resource manager 112, and various handlers 113.

  Here, the control service 111 interprets a processing request from the application group 101 and generates various hardware acquisition requests shown in FIG. 3 according to the interpretation result.

  The control service 111 includes a network control service (NCS) 114, a facsimile control service (FCS) 115, a delivery control service (DCS) 116, an engine control service (ECS) 117, and a memory control service (MCS). 118, an operation panel control service (OCS) 119, a certification control service (CCS) 120, a user directory control service (UCS) 121, a system control service (SCS) 122, and the like.

  The process of the NCS 114 performs mediation for performing data communication via the network N or the like. The FCS 115 process provides an API for communicating, reading, and forming (printing) image data as a facsimile. The process of the DCS 116 performs control related to distribution of document data accumulated in the image forming apparatus 3. The process of the ECS 117 performs control related to engine units such as the image reading unit 34 and the image forming unit 35. The process of the MCS 118 controls various memories such as storage and processing of image data and the HDD 307. The process of the OCS 119 performs control related to the operation display unit 32. The process of the CCS 120 performs control related to authentication processing and billing processing. The process of the UCS 121 performs control related to management of user information. The process of the SCS 122 performs control related to system management.

  The system resource manager (SRM) 112 arbitrates requests for acquiring various hardware shown in FIG. 3 and performs control for implementing the request contents according to the arbitration result. More specifically, the process of the SRM 112 determines whether or not the hardware related to the acquisition request is usable (whether or not it conflicts with other acquisition requests), and if so, indicates that fact. Notify each process of the control service 111. Further, the process of the SRM 112 creates a hardware usage schedule related to the acquisition request, and performs control for implementing the requested content according to the creation result.

  The handler 113 manages hardware according to the arbitration result. The handler 113 includes a facsimile control unit handler (FCUH) 123, an image memory handler (IMH) 124, and the like. The FCUH 123 manages the facsimile control unit. The IMH 124 allocates memory to each process and manages the memory allocated to each process.

  In addition, a virtual application service (VAS) 125 is provided as software that mediates between the application group 101 and the platform 102.

  The VAS 125 operates as a server process using the application group 101 as a client and as a client process using the platform 102 as a server. In addition, the VAS 125 has a wrapping function that hides the platform 102 when viewed from the application group 101, and plays a role of absorbing version differences associated with version upgrades of the platform 102.

  The activation unit 126 is executed first when the image forming apparatus 3 is turned on. As a result, an OS such as UNIX (registered trademark) is activated, and the application group 101 and the platform 102 are activated. These programs are stored in the HDD 307 and the memory card 313, are reproduced from the HDD 307 and the memory card 313, and are activated in a memory (for example, MEM-P 305).

  FIG. 5 is a block diagram showing a functional configuration of the image forming apparatus 3 for executing the processing procedure of FIG. 10 described later.

  As shown in FIG. 5, the CPU 301 of the image forming apparatus 3 develops a predetermined control program stored in the HDD 307 or the like in a memory (such as MEM-P 305) and executes it, thereby executing a processing procedure shown in FIG. It functions as the input / output unit 30a, the control unit 30b, the authentication request unit 30c, and the authority determination unit 30d.

  The input / output unit 30a accepts input of various operations from the user via the operation display unit 32 or the like, and displays various information in order to convey information to the user.

  The control unit 30 b controls permission or prohibition of use of each function of the image forming apparatus 3.

  Specifically, when receiving a use request or an authority addition request from the input / output unit 30a, the control unit 30b makes an authentication request or an authority addition request to the user management server 2 via the authentication request unit 30c. Further, the control unit 30b acquires authority information to which authority information or delegation information is added from the user management server 2 via the authentication request unit 30c in response to the above-described authentication request or authority addition request, and authority determination unit 30d. Ask for permission judgment. When the control unit 30b receives the determination result from the authority determination unit 30d as a result of the request described above, the control unit 30b releases the lock of the function that can be used by the logged-in user and controls the function to be usable.

  The authentication request unit 30c makes an authentication request or an authority addition request to the user management server 2 in response to an authentication request or an authority addition request from the control unit 30b. Further, the authentication request unit 30c acquires authority information to which authority information or delegation information is added from the user management server 2 in response to the above-described authentication request or authority addition request, and passes the authority information to the control unit 30b.

  The authority determining unit 30d acquires authority information from the control unit 30b, matches the authority necessary for using the image forming apparatus 3, and determines functions that can be used by the logged-in user.

  FIG. 6 is a block diagram showing a functional configuration of the user management server 2 for executing the processing procedure of FIG. 10 described later.

  As shown in FIG. 6, the CPU of the user management server 2 expands and executes a predetermined control program stored in the ROM, the external storage device 26, etc. in the RAM, thereby executing the processing procedure shown in FIG. The request accepting unit 20a, the authenticating unit 20b, the authority managing unit 20c, and the delegation managing unit 20d execute.

  The request reception unit 20a receives an authentication request or an authority addition request from the image forming apparatus 3, makes an authentication request to the authentication unit 20b, receives an authentication result, and responds to the received request when authentication is successful. Thus, information (authority information, delegation information) is acquired from the authority management unit 20c and the delegation management unit 20d.

  The authentication unit 20b manages an authentication information registration table T1 (see FIG. 7) for registering authentication information for each user, and is received from the image forming apparatus 3 when an authentication request is received from the request reception unit 20a. The authentication information registration table T1 is searched with authentication information (user ID, password, etc.) included in the authentication request, and authentication is performed based on whether or not matching authentication information is registered. The authentication unit 20b adds, updates, deletes authentication information registered in the authentication information registration table T1 in response to requests for addition, update, deletion, and the like.

  The authority management unit 20c manages an authority information registration table T2 (see FIG. 8) for registering authority information for each user, and is included in the authority acquisition request when an authority acquisition request is received from the request reception unit 20a. The authority information corresponding to the user ID is retrieved from the authority information registration table T2 and provided to the request receiving unit 20a. Further, the authority management unit 20c adds, updates, and deletes authority information registered in the authority information registration table T2 in response to requests for addition, update, and deletion.

  The delegation management unit 20d manages a delegation information registration table T3 (see FIG. 9) for registering delegation information for each user, and is included in the delegation information when a delegation information acquisition request is received from the request reception unit 20a. The delegation information corresponding to the user ID is retrieved from the delegation information registration table T3 and provided to the request reception unit 20a. In addition, the delegation management unit 20d adds, updates, and deletes delegation information registered in the delegation information registration table T3 in response to requests for addition, update, and deletion.

  Next, various tables managed by each functional component (authentication unit 20b, authority management unit 20c, and delegation management unit 20d) of the user management server 2 shown in FIG. 6 will be described with reference to FIGS.

  FIG. 7 is a schematic diagram illustrating a configuration example of an authentication information registration table managed by the authentication unit 20b.

  As shown in FIG. 7, the authentication information registration table T1 is a table for registering authentication information for each authorized user permitted to use the information processing system 1 (particularly, the image forming apparatus 3). Specifically, in the authentication information registration table T1 shown in FIG. 7, information indicating a user name in a user ID (user identification information) that is uniquely assigned to each regular user and identifies (identifies) the user; Authentication information in which information indicating a password is associated with information indicating a card ID is registered.

  FIG. 8 is a schematic diagram illustrating a configuration example of an authority information registration table managed by the authority management unit 20c.

  As shown in FIG. 8, the authority information registration table T2 is a table for registering authority information for each authorized user. Here, the authority information is information indicating the use of each function in the image forming apparatus 3 and the restriction on the usage amount of a certain function.

  Specifically, in the authority information registration table T2 shown in FIG. 8, the user ID includes information (permissions) that restricts use of the copy function, scanner function, FAX (facsimile) function, print (printer) function, SDK application, and the like. , Prohibition, etc.), information indicating the maximum number of sheets for color printing (color image formation) and monochrome printing (monochrome image formation), and the like are registered.

  In the example of FIG. 8, if “monochrome” is set in the “copy” item, it indicates that only monochrome copy is permitted, and if “color” is set, color copy is performed. This indicates that both monochrome copying and monochrome copying are permitted. Further, when “prohibited” is set, it indicates that the copy function cannot be used (that is, the copy function cannot be used).

  In addition, when “prohibited” is set in the “scanner” item, this indicates that the scanner function cannot be used (that is, the scanner function cannot be used), while when “permitted” is set, Indicates that the scanner function can be used (that is, the scanner function can be used).

  Further, in the “FAX” item, when “prohibited” is set, it indicates that the FAX function cannot be used (that is, the FAX function cannot be used), and on the other hand, when “permitted” is set, Indicates that the FAX function can be used (that is, the FAX function can be used).

  If “Monochrome” is set in the “Print” item, it indicates that only monochrome printing (image formation) is allowed. If “Color” is set, color printing is performed. Indicates that both (image formation) and monochrome printing (image formation) are permitted, and if “prohibited” is set, the print (image formation) function cannot be used (that is, the print function) Is not available).

  In the “color upper limit” item, an upper limit print number (print upper limit value) of color printing (image formation) is set. In this “color upper limit” item, “0” is set as the upper limit number of prints for users who are not permitted to perform color printing.

  In the “monochrome upper limit” item, an upper limit print number (print upper limit value) for monochrome printing (image formation) is set. In this “monochrome upper limit” item, “0” is set as the upper limit number of prints for users who are not permitted to perform monochrome printing.

  Further, in the “SDK” item, when “prohibited” is set, it indicates that the SDK application cannot be used (that is, the SDK application cannot be used), while when “permitted” is set, Indicates that the SDK application can be used (that is, the SDK application can be used).

  FIG. 9 is a schematic diagram illustrating a configuration example of the delegation information registration table T3 managed by the delegation management unit 20d.

  As shown in FIG. 9, the delegation information registration table T3 is a table for registering delegation information for each regular user. Here, the delegation information is information for specifying the authority that a certain user delegates to another user.

  Specifically, in the delegation information registration table T3 shown in FIG. 9, the use of a copy function, a scanner function, a FAX (facsimile) function, a print (printer) function, an SDK application, etc. for other users as a user ID. Information indicating permission / non-permission of authority (“Yes”, “No”, etc.) and the maximum number of prints (color image formation) or monochrome print (monochrome image formation) that can be delegated to other users (printing) The delegation information in which information indicating the upper limit value is associated is registered.

  In the example of FIG. 9, when “Yes” is set in the “Copy” item, the copy authority (monochrome copy only) set for the other user himself (user identified by the user ID) Allowed to be delegated (such as permissions that are allowed or both color copying and monochrome copying are allowed), while if set to “No”, other users are Indicates that delegation of the copy authority set for the server is not permitted.

  In addition, if “Yes” is set in the “Scanner” item, it indicates that other users are allowed to delegate the scanner authority (authority to use the scanner function) that is set for itself, On the other hand, when “No” is set, it means that other users are not permitted to delegate the scanner authority set for the user.

  In addition, when “Yes” is set in the “FAX” item, it indicates that other users are allowed to delegate the FAX authority (authority to use the FAX function) set for itself, On the other hand, when “NO” is set, it indicates that other users are not permitted to delegate the FAX authority set for the user.

  In addition, if “Yes” is set in the “Print” item, the print authority set for the other user (self-permitted only for monochrome printing, color printing and monochrome printing) Permission to be delegated (for example, both are allowed), while if set to “No”, other users will not be allowed to delegate printing rights set for themselves. It shows that.

  In the “color upper limit” item, an upper limit print number of color printing (image formation) to be delegated to other users, “no” indicating that no delegation is permitted, and the like are set. For example, in this “color upper limit” item, “not” is set instead of the upper limit printing number for a user who is not permitted to perform color printing.

  In the “monochrome upper limit” item, an upper limit number of monochrome printing (image formation) delegated to other users, “no” indicating that no delegation is permitted, and the like are set. For example, in the “monochrome upper limit” item, “not” is set instead of the upper limit number of prints for a user who is not permitted to perform monochrome printing.

  In addition, when “Yes” is set in the “SDK” item, another user is allowed to delegate the SDK authority (authorization permitted to use the SDK application) set for the user. On the other hand, when “NO” is set, it means that the transfer of the SDK authority set for the other user is not permitted.

  Although the example of FIGS. 7 to 9 shows the case where the number of regular users is four, the present invention is not limited to this, and the number of regular users may be other than four. . Moreover, although the example of FIG. 9 shows the case where the delegation information is set for every user, the present invention is not limited to this, and it is sufficient that the delegation information of at least one user is set. Furthermore, in the example of FIG. 9, a form in which one type of delegation information is set for each user is shown, but the present invention is not limited to this, so that different authority can be delegated for each transfer user to whom authority is delegated. In order to do this, a plurality of types of delegation information can be set for each user, and information (such as a user ID) that can identify a transfer user (delegation target user) whose authority is transferred for each delegation information can be set. Is possible.

  Next, processing operations in the information processing system 1 according to the first embodiment will be described with reference to FIGS.

  FIG. 10 shows a flow of processing in the information processing system 1 when the user U1 (a transferee user to whom authority is transferred) temporarily transfers the authority from another user U2 (the user who has transferred the authority). FIG.

  The example of FIG. 10 shows a processing procedure when the user U1 with the user ID “1” delegates authority from the user U2 with the user ID “2”.

  As shown in FIG. 10, in this sequence, first, the user U1 uses a login screen displayed on the display unit of the operation display unit 32 of the image forming apparatus 3, and uses a user ID (for example, “1”) and a password. (For example, “1111”) or the like is input to execute a use request process (login process) for declaring the start of use (step S1). In addition to using the login screen, the use request process may be performed by causing the card information reading device to read an IC card or the like in which a user ID and a password are registered.

  Then, in the image forming apparatus 3, the input / output unit 30a outputs a use request (login request) signal including the user ID and password input in step S1 to the control unit 30b (step S2).

  Then, the control unit 30b passes the user ID and password included in the use request signal described above to the authentication request unit 30c and requests an authentication request (step S3). As a result, the authentication request unit 30c transmits an authentication request signal including authentication information (user ID and password) to the user management server 2 (step S4).

  When the request receiving unit 20a receives the authentication request signal from the image forming apparatus 3, the user management server 2 passes the authentication information (user ID and password) included in the received authentication request signal to the authentication unit 20b. Then, authentication is requested (step S5).

  Then, the authentication unit 20b refers to the authentication information registration table T1 (see FIG. 7), and the authentication succeeds or fails depending on whether authentication information that matches the received authentication information (user ID and password) is registered. (Step S6), and returns an authentication result (success or failure) to the request reception unit 20a (step S7).

  After that, when receiving the result of the authentication failure, the request receiving unit 20a returns a message to that effect (authentication failure) to the image forming apparatus 3. Hereinafter, the case where the authentication of the authorized user U1 is successful will be described. To do.

  That is, when the request reception unit 20a receives the result of the authentication success, the request reception unit 20a outputs an authority acquisition request signal including the user ID to the authority management unit 20c (step S8).

  Upon receiving the authority acquisition request signal, the authority management unit 20c refers to the authority information registration table T2 (see FIG. 8) based on the user ID included in the received authority acquisition request signal, and corresponds to the user ID. User U1 authority information registered in addition (copy “monochrome”, scanner “prohibited”, FAX “prohibited”, printing “monochrome”, color upper limit “0”, monochrome upper limit “10”, SDK “prohibited”, etc.) Is searched (step S9).

  Thereafter, the authority management unit 20c outputs the searched authority information to the request reception unit 20a (step S10).

  Then, the authority information received by the request receiving unit 20a is transmitted to the image forming apparatus 3 (step S11).

  In the image forming apparatus 3, the authentication request unit 30c that has received the authority information outputs the received authority information to the control unit 30b (step S12).

  Subsequently, the control unit 30b outputs an authority determination request signal including authority information to the authority determining unit 30d (step S13).

  Then, the authority determining unit 30d executes an authority determining process for inquiring with the authority in the apparatus based on the input authority information (step S14). Specifically, in the process of step S14, a function that can be used by the logged-in user (user U1) is determined based on the input authority information.

  Thereafter, the authority determining unit 30d outputs a determination result including information indicating a usable function to the control unit 30b (step S15).

  Then, based on the input determination result, the control unit 30b unlocks the function that can be used by the user U1, that is, sets the function that can be used by the user U1 to an available state (step S16). At this time, the control unit 30b notifies the user U1 through the input / output unit 30a that the usable function is unlocked and the usable function using the operation display unit 32 or the like. For example, the screen of FIG. 11A is displayed on the operation display unit 32. In the example of FIG. 11A, the user U1 can use the functions indicated by diagonal lines, that is, the monochrome copy function and the print function, based on the authority originally given to the user U1.

  Subsequently, when processing that cannot be performed by the authority of the user U1 who has logged in previously is performed, authority addition processing (additional login processing) is performed by another user U2 who has authority to perform the processing (step S17). As a method for adding authority, the user U2 presses the “add authority” button 321 displayed on the display unit of the operation display unit 32 (see FIG. 11A), and the user ID (“2”) and password (“ 2222 "), but it may be performed by causing the card information reading device to read an IC card or the like in which a user ID and a password are registered.

  Then, in the image forming apparatus 3, the input / output unit 30a outputs an authority addition request signal including the user ID ("2") and the password ("2222") input in step S17 to the control unit 30b (step S17). S18).

  Then, the control unit 30b delivers the user ID (“2”) and password (“2222”) included in the authority addition request input from the input / output unit 30a to the authentication request unit 30c, and issues an authority addition request. Request (step S19). Thereby, the authentication request unit 30c transmits an authority addition request signal including authentication information (user ID (“2”) and password (“2222”)) to the user management server 2 (step S20).

  When the request reception unit 20a receives the authority addition request signal from the image forming apparatus 3, the user management server 2 sends the authentication information (user ID (“2”)) included in the received authentication request signal to the authentication unit 20b. And the password (“2222”)) are requested and authentication is requested (step S21).

  Then, the authentication unit 20b refers to the authentication information registration table T1 (see FIG. 7), and the authentication information that matches the received authentication information {user ID (“2”) and password (“2222”)} is registered. Whether or not the authentication is successful is determined (step S22), and the authentication result (success or failure) is returned to the request reception unit 20a (step S23).

  After that, when receiving the result of the authentication failure, the request receiving unit 20a returns a message to that effect (authentication failure) to the image forming apparatus 3. Hereinafter, a case where the authentication of the authorized user U2 is successful will be described. To do.

  In other words, when receiving a successful authentication result, the request receiving unit 20a outputs a delegation information acquisition request signal including the user ID (“2”) to the delegation management unit 20d (step S24).

  When the delegation management unit 20d receives the delegation information acquisition request signal, the delegation management unit 20d refers to the delegation information registration table T3 (see FIG. 9) based on the user ID (“2”) included in the received acquisition request signal. The user U2 delegation information registered in association with the user ID (“2”) (copy “Yes”, scanner “Yes”, FAX “Yes”, print “Yes”, color upper limit “100”, monochrome The upper limit “100”, SDK “do”, etc.) are searched (step S25).

  Thereafter, the delegation management unit 20d outputs an authority acquisition request signal including the user ID (“2”) to the authority management unit 20c (step S26).

  Upon receiving the authority acquisition request signal, the authority management unit 20c refers to the authority information registration table T2 (see FIG. 8) based on the user ID (“2”) included in the received authority acquisition request signal. , Authority information (copy “color”, scanner “permitted”, FAX “permitted”, printing “color”, color upper limit “1000”, monochrome upper limit registered in association with the user ID (“2”) “1000”, SDK “permitted”, etc.) are searched (step S27).

  Thereafter, the authority management unit 20c outputs the retrieved authority information to the delegation management unit 20d (step S28).

  Then, the delegation management unit 20d outputs the delegation authority information obtained by adding the delegation information searched in step S25 to the authority information received from the authority management unit 20c to the request reception unit 20a (step S29).

  Then, the request reception unit 20a transmits the received delegation authority information to the image forming apparatus 3 (step S30).

  In the image forming apparatus 3, the authentication request unit 30c that has received the delegation authority information outputs the delegation information and authority information included in the received delegation authority information to the control unit 30b (step S31).

  Subsequently, the control unit 30b outputs the input delegation information and authority information to the authority determining unit 30d (step S32).

  Then, the authority determining unit 30d executes the authority determining process based on the authority information of the user U1 input in Step S13 and the delegation information and authority information input in Step S32 (Step S33). In the process of step S33, the logged-in user (user U1) is based on the authority that merges the authority of user U1 and the authority of delegation of user U2, that is, based on the function or usage permitted by either authority. Determine which features are available.

  Thereafter, the authority determining unit 30d outputs a determination result including information indicating the functions usable by the user U1 to the control unit 30b (step S34).

  Then, the control unit 30b releases the lock of the function that can be used by the user U1 based on the input determination result, that is, in this case, the user U1 can use it by delegating authority. The function is made available (step S35). At this time, the control unit 30b notifies the user U1 through the input / output unit 30a that the usable function is unlocked and the usable function using the operation display unit 32 or the like. For example, the screen of FIG. 11B is displayed on the operation display unit 32. In the example of FIG. 11B, the user U1 is delegated from the user U2 in addition to the functions permitted to be used based on the authority originally given to the user U1, that is, the monochrome copy function and the print function. This indicates that the functions permitted to be used based on the authority, that is, the color copy function, the scanner function, and the FAX function can be used.

  FIG. 12 is a schematic diagram showing the stage S35 described above, that is, the authority of the user U1 after delegation. That is, in the example shown in FIG. 12, after the authority is transferred from the user U2, the user U1 can use color copy in addition to monochrome copy as a copy function, and can use the scanner function, FAX function, and SDK application. As a printing function, color printing can be used in addition to monochrome printing, the upper limit number of color printing is changed from “0” to “100”, and the upper limit number of monochrome printing is “10” to “110”. Is shown.

  Although not particularly shown in FIG. 10, when the functions that can be used by the user U1 are used after the authority of the user U2 is transferred to the user U1, the upper limit value (the maximum number of prints) of the user U1 and the user U2 Update processing to reduce This update process can be realized by a method described in a second embodiment to be described later. Although not specifically shown in FIG. 10, the user U2 can also release the authority transferred at a desired timing after the authority is transferred to the user U1.

  That is, by executing the processing procedure shown in FIG. 10, when the user U1 wants to use a function (scanner function, FAX function, color copy function, etc.) that cannot be used with the authority given to him, By temporarily delegating the authority to another user U2 who is authorized to use, functions that could not be used (scanner function, FAX function, color copy function, etc.) can be used.

  Details of the authentication process in the user management server 2 that executes the processing procedure shown in FIG. 10 will be described with reference to FIG.

  FIG. 13 is a flowchart showing a processing procedure of authentication processing in the user management server 2.

  As shown in FIG. 13, in the user management server 2, the authentication unit 20b determines success / failure of authentication in step S101. If the authentication is successful (step S101: Yes), the request type is determined in step S102.

  If it is determined in step S102 that the request type is an authentication request (step S102: authentication request), then an authority acquisition process is performed in step S103, and then authentication is successful in step S104. The process is terminated.

  On the other hand, when it is determined in step S102 that the request type is an authority addition request (step S102: authority addition request), subsequently, in step S105, a delegation information acquisition process is performed, and then step S106. In, the delegation is successful and the process is terminated.

  On the other hand, if authentication fails in step S102 (step S101: No), authentication error processing is executed in step S107.

  According to the embodiment described above, a dedicated recording medium (delegation card) for performing authority delegation in order to delegate authority of one user to another user (authority delegation) as in Patent Document 1. Since it is not necessary to prepare, an information processing system capable of delegating authority while reducing the cost of system construction can be provided.

(Second Embodiment)
Next, a second embodiment will be described.

  First, the configuration of the information processing system 1 according to the second embodiment will be described with reference to FIG.

  FIG. 14 is a block diagram illustrating a configuration of an information processing system 1A according to the second embodiment.

  As illustrated in FIG. 14, the information processing system 1 </ b> A according to the second embodiment has a configuration in which a print server 5 is newly added to the information processing system 1 according to the first embodiment.

  Here, the print server 5 is a server device that manages print data. Specifically, the print server 5 receives print data from the client terminal device 4, accumulates the received print data, and directly stores it in the image forming apparatus 3. It is an apparatus that transmits data or transmits print data to the image forming apparatus 3 when there is a request from the image forming apparatus 3.

  In the information processing system 1 </ b> A of the second embodiment, print data is transmitted from the client terminal device 4 to the print server 5 via the network N when the user uses the client terminal device 4. At this time, the bibliographic information includes at least print attributes (number of pages, creator name (user name), password, title (job name), application name, etc.) and print conditions (double-sided / single-sided, color / Monochrome, aggregation, etc.), and bibliographic information and data to be actually printed are transmitted.

  Note that the hardware of the print server 5 can be configured in substantially the same manner as the configuration of the user management server 2 and the client terminal device 4 (see FIG. 2) described above, and therefore illustration and description thereof are omitted here.

  Next, the software configuration of the print server 5 will be described with reference to FIG.

  FIG. 15 is a block diagram illustrating a software configuration of the print server 5.

  As shown in FIG. 15, the CPU of the print server 5 executes a processing procedure shown in FIG. 16 to be described later by developing a predetermined control program stored in a ROM, an external storage device or the like in the RAM and executing it. The print data holding unit 50a, the print list creation unit 50b, and the print data acquisition unit 50c function.

  Here, the print data holding unit 50a holds print data.

  The print list creation unit 50b creates a print list.

  The print data acquisition unit 50c acquires print data held in the print data holding unit 50a.

  Next, processing operations in the information processing system 1A according to the second embodiment will be described with reference to FIGS.

  FIG. 16 is a sequence diagram illustrating a flow of processing in the information processing system 1 when the user U1 (user to whom authority is delegated) temporarily delegates authority from another user U2 (user to whom authority is delegated). It is. The example of FIG. 16 shows a processing procedure when the user U1 with the user ID “1” delegates authority from the user U2 with the user ID “2”.

  The processing procedure of the second embodiment shown in FIG. 16 differs from the processing procedure of the first embodiment shown in FIG. 10 in that the login process in steps S1 to S16 and the steps S17 to S35 in FIG. The print list process (step S40 to step S48) is newly added between the additional login process and the user's print execution process and user logout process (steps) after the additional login process of steps S17 to S35. S50 to step S64) are newly added. For this reason, in the following description, description of the same processing is omitted.

  However, in the second embodiment, in the authority determination process in the login process in steps S1 to S16 and the additional login process in steps S17 to S35, a print job that can be executed is used instead of determining a function that can be used by the user. It comes to judge.

  That is, in the processing procedure shown in FIG. 16, after the unlocking process in step S16, the user U1 performs a print list acquisition request operation using the screen displayed on the operation display unit 32 (step S40).

  Then, the input / output unit 30a notifies the control unit 30b that there is a print list acquisition request (step S41).

  The control unit 30b transmits a print list acquisition request signal added with the authentication information of the user U1 to the print server 5 (step S42).

  In the print server 5 that has received the above-described print list acquisition request signal, the print list creation unit 50b creates the print created by the user U1 from the print data held in the print data holding unit 50a based on the received authentication information. A print list of data is created (step S43). Specifically, in the process of step S43, the print list creation unit 50b collects bibliographic information of print data having information (creator name or password) that matches the authentication information, and creates a print list based on the bibliographic information. create.

  Subsequently, the print list creation unit 50b returns the created print list to the image forming apparatus 3 (step S44).

  Then, in the image forming apparatus 3, the control unit 30b passes the print list to the authority determining unit 30d and requests authority determination (step S45). Specifically, in the process of step S45, the control unit 30b requests the authority determining unit 30d to determine whether a job that can be printed and a job that cannot be executed from the authority given to the user U1 in the print list. To do.

  Then, the authority determination unit 30d executes authority determination processing (step S46), and a job that allows execution of printing in the print list based on the authority information (particularly, the upper limit number of prints of the color upper limit and the monochrome upper limit). And a print list that identifies a job that is not permitted to be printed is transmitted to the control unit 30b as a determination result (step S47).

  The control unit 30b displays the print list information (see FIG. 17A) included in the received determination result on the display unit of the operation display unit 32 (step S48). In the example of the print list shown in FIG. 17A, only the job with the job name: document4 can execute the printing process, and the other jobs (four jobs with the job names: documents 1-3, 5) cannot execute the printing process. It is shown that.

  Subsequently, a user print execution process and a user logout process (steps S50 to S64) after the additional login process substantially similar to the additional login process of steps S17 to S35 illustrated in FIG. 10 will be described.

  First, the user U1 uses the operation display unit 32 to perform an operation for requesting execution of printing (step S50).

  Then, the input / output unit 30a transmits a print execution request to the control unit 30b (step S51), and the control unit 30b controls processing for executing printing (step S52). Specifically, the control unit 30b performs printing by requesting a functional unit (such as the image forming unit 35) that performs printing to perform printing.

  After executing printing, the control unit 30b requests the authority determination unit 30d to update the print upper limit value (step S53).

  The authority determining unit 30d updates the print upper limit value based on the print upper limit value update request (step S54). Details of the update process of the print upper limit value in step S54 will be described later.

  After the update process in step S54, the authority determination unit 30d determines the authority of the print list again based on the updated print upper limit value (step S55), and transmits the determination result (updated print list) to the control unit 30b ( Step S56). At this time, the authority determining unit 30d transmits the updated authority information {such as user U1 authority information and user U2 delegation information) to the control unit 30b.

  The control unit 30b displays the updated print list information (see FIG. 17B) included in the received determination result on the display unit of the operation display unit 32 (step S57). The example of the print list shown in FIG. 17B indicates that print processing of all jobs (job names: five jobs of documents 1 to 5) can be executed, and the remaining printable number of the user U1 has increased. Compared with the situation, that is, FIG. 17A, the remaining number of printable colors is increased from “0” to “100”, and the remaining number of monochrome printable sheets is increased from “10” to “110”. It shows a state.

  Thereafter, the user U1 performs a logout operation using the operation display unit 32 (step S58). Then, a use stop request is output from the input / output unit 30b to the control unit 30b (step S59).

  Then, the control unit 30b transmits the updated authority information {both authority information of the user U1 and delegation information of the user U2} received from the authority determining unit 30d to the user management server 2 (step S60).

  In the user management server 2 that has received the updated authority information, the request receiving unit 20a passes the updated authority information of the user U1 to the authority management unit 20c (step S61), and the delegation information of the user U2 updated to the delegation management unit 20d. (Step S62). Thereby, the authority management unit 20c updates the authority information of the user U1 (step S63), and the delegation management unit 20d updates the delegation information of the user U2 (step S64).

  Note that the processing relating to the updating of the upper limit values in steps S53 and S54 described above does not have to be performed after printing execution. For example, before the printing execution or during printing execution (for example, every time one page is printed) You may make it update.

  Next, details of the printing upper limit update process in step S54 described above will be described.

  For example, the following method [1] or [2] can be considered as the update processing method of the print upper limit value in step S54.

  [1] When the print job that has been printed remains within the print upper limit value included in the authority information of the user U1, the print upper limit value of the user U1 is updated (that is, the amount used from the print upper limit value is updated). Or the printing upper limit value (hereinafter simply referred to as “delegation upper limit value”) included in the delegation information of the user U2 is updated.

  Whether or not to update the delegation upper limit value of the user U2 is determined by setting permission / non-permission information in the delegation authority, or by previously setting the administrator in a unified manner.

  [2] If the print job that has been printed does not stay within the print upper limit value included in the authority information of the user U1, the print upper limit value of the user U1 is updated, and the shortage is transferred to the user U2 delegation upper limit. Subtract from value or update delegation upper limit for user U2.

  In the method [2], a distribution rate is determined in advance. If it does not fit based on the distribution rate, it is subtracted from the delegation upper limit.

  As for the distribution ratio, for example, when the user U1 print upper limit value is “10” and the user U2 delegation upper limit value is “100”, the user U1 executes 16 sheets of printing. At this time, if the distribution ratio is 50:50, “8” is subtracted from the printing upper limit value “10” of the user U1, the updated printing upper limit value is “2”, and the delegation upper limit value “100” of the user U2. "8" is subtracted from "", and the delegation upper limit after the update is "92".

  When the decimal point comes out, it is possible to match by subtracting as it is or by rounding up one side and rounding down the other. The distribution ratio can be set in the delegation information, or a method in which the system administrator sets the image forming apparatus 3 uniformly.

  Further, in the processing procedure of FIG. 16 described above, update processing of the print upper limit values of the authority information of the user (user U1) to whom authority is delegated and the delegation information of the user (user U2) to whom authority is delegated is performed. Although the embodiment performed on the third side has been described, it may be performed by the user management server 2 in addition to this.

  In that case, specifically, on the image forming apparatus 3 side, the print execution number (used amount) of the user (user U1) to whom authority is transferred is subtracted from the print upper limit value after authority transfer (see FIG. 12). Stay in processing. Then, after the user (user U1) to whom authority is delegated logs out, the image forming apparatus 3 transmits to the user management server 2 the print upper limit value after authority delegation that has been updated by the above-described drawing process. Then, on the user management server 2 side, the print upper limit value of the user U1 held on the user management server 2 side and the delegation upper limit value of the user U2 are added, and the print upper limit value after authority transfer received from the image forming apparatus 3 is added. The usage amount is calculated by subtracting and the update processing is performed as appropriate. That is, the upper limit of each of the authority information of the user (user U1) to whom authority is delegated and the delegation information of the user (user U2) to whom authority is delegated Execute value update processing.

  Next, a method for setting delegation information will be described with reference to FIG.

  FIG. 18 is a diagram illustrating a configuration example of the authority delegation setting screen S <b> 1 displayed on the client terminal device 4.

  The authority transfer setting screen S1 shown in FIG. 18 is a screen (Web UI) for setting the transfer information registered in the transfer information registration table T3 (FIG. 9).

  When each user sets delegation information using this authority transfer setting screen S1 and presses an “OK” button 401, the client terminal device 4 uses the delegation information and user set on the authority transfer setting screen S1. The ID is transmitted to the user management server 2 via the network N. Then, in the user management server 2 that has received the delegation information, the delegation management unit 20d updates the contents of the delegation information registration table T2 based on the received user ID and delegation information.

  According to such a configuration, each user can set the delegation information by himself / herself, thereby enabling more flexible print management.

  Next, various modifications of the above-described embodiment will be described.

  First, a configuration that enables setting of a period for delegating authority in the first and second embodiments will be described with reference to FIGS. 19 and 20.

  FIG. 19 is a block diagram showing a modification of the software configuration of the image forming apparatus 3 shown in FIG. 5. In this case, a period determination unit 30e for newly setting and managing a period for delegating authority is newly added. It shows how it was done.

  As shown in FIG. 19, this configuration is the same as the configuration shown in FIG. 5 except that a period determination unit 30 e is newly added. For this reason, description is abbreviate | omitted about the same structure.

  Here, the period determination unit 30e performs setting and management of a period for delegating authority, and when the period expires, the period determination unit 30e can be newly used corresponding to the authority delegated to the control unit 30b. Instruct the use prohibition (lock) of the function that has become. Receiving the instruction, the control unit 30b prohibits (locks) the use of the corresponding function.

  As a period for delegating authority, it is possible to set an arbitrary time or the like until one job is completed, a user logs out, or the like. The period for delegating authority can be set individually by the delegating user who delegates authority, or can be set collectively by the system administrator who manages the information processing system 1. .

  FIG. 20 is a schematic diagram illustrating an example of transition of a screen displayed on the operation display unit 32 of the image forming apparatus 3 when the period for delegating authority is set to “until one job is completed”. .

  In the example shown in FIG. 20, FIG. 20A shows a screen displayed on the operation display unit 32 after the unlocking process in step S16 in the processing procedure of FIG. 10 in the first embodiment, and FIG. ) Shows the screen displayed on the operation display unit 32 after the additional lock release processing of step S35 in the processing procedure of FIG. 10, and FIG. 20C shows the additional lock of step S35 of the processing procedure of FIG. A screen (that is, the same as that shown in FIG. 20A) displayed on the operation display unit 32 when one print job of the user U1 is executed after the cancel processing and the job is completed is shown.

  That is, after one print job of the user U1 to whom the authority is transferred is executed, a state where the functions newly available with the authority transferred from the user U2 to which the authority is transferred cannot be used. ing.

  In this way, by setting and managing the period for delegating authority, once the authority once added is canceled, it is necessary to log in again, so it is used more than expected by other users. It is possible to prevent such a situation from occurring.

  The period for which authority is delegated can be set by each user or system administrator using a period setting screen displayed on the client terminal device 4 or the like.

  In addition, the timing for delegating authority can be set at the time of additional login. Specifically, at the time of additional login, the image forming apparatus 3 displays a dialog for setting the authority delegation period on the operation display unit 32 under the control of the control unit 30b, and the authority is set via the dialog. It is possible to accept the designation of the period for delegating authority by the user U2 to be delegated and to set and manage the period for delegation to the period determination unit 30e.

  Next, a configuration for the user {user U2} delegating authority not to perform an additional login operation will be described with reference to FIG.

  FIG. 21 is a schematic diagram illustrating a configuration example of an authentication information registration table T1-1 that is a modification of the authentication information registration table T1 illustrated in FIG.

  In the authentication information registration table T1-1 shown in FIG. 21, a password for delegating authority is set separately from the password for authentication.

  In the information processing system using the authentication information registration table T1-1, the transfer user (user U1 or the like) to whom the authority is transferred is transferred from the transfer source user (user U2 or the like) to transfer the authority. Or, ask the authority delegation password set by the system administrator in advance. For example, after the login process by the user U1, additional login (addition of authority) using the authority delegation password previously heard from the user U2 Request), the image forming apparatus 3 sends an authority addition request signal including the input authority delegation password to the user management server 2.

  Then, the user management server 2 performs authentication with reference to the authentication information registration table T1-1 based on the information included in the authority addition request signal described above, and specifies the ID of the user U2 to whom authority is delegated. Based on the specified user ID, the authority information registration table T2 and the delegation information table T3 are referred to, and the authority information of the user U2 who delegates authority and the delegation information of the user U2 who delegates authority are acquired and an image is obtained. Transmit to the forming apparatus 3. Accordingly, authority addition processing is performed based on the information received by the image forming apparatus 3 (that is, the function that can be used by the user U1 is determined, and the function that can be used by the user U1 is unlocked).

  With this configuration, the user who delegates authority does not need to perform an additional login operation.

  Next, a configuration in which the authority can be delegated only to a specific user in the configuration in which the authority transfer password is set as described above will be described with reference to FIG.

  FIG. 22 is a schematic diagram illustrating a configuration example of an authentication information registration table T1-2 that is a modification of the authentication information registration table T1 illustrated in FIG.

  As shown in FIG. 22, in the authentication information registration table T1-2 of this modification, the user ID of the user to whom authority is delegated (delegation destination user ID) is managed in association with the user ID.

  By using such an authentication information registration table T1-2, authority can be delegated only to a specific user in a configuration in which a delegation password is set.

  As the transferee user ID, only a single user ID may be registered, or a plurality of user IDs may be registered. In addition, in a configuration in which users are managed in groups, a password for each group may be registered for each group.

  Next, a configuration capable of designating a transferee user to whom authority is delegated, that is, a delegation target user to which authority is to be delegated, will be described with reference to FIGS.

  FIG. 23 is a schematic diagram illustrating a configuration example of a delegation information registration table T3-1 that is a modification of the delegation information registration table T3 illustrated in FIG.

  As shown in FIG. 23, in the delegation information registration table T3-1, the delegation information includes information related to a delegation target user who is a target for delegating authority.

  FIG. 24 is a flowchart showing a procedure of authentication processing in the user management server 2 when the delegation information registration table T3-1 shown in FIG. 23 is used, and is a modification of the processing procedure of FIG.

  In the processing procedure of FIG. 24, the determination of step S108 and the processing of step S109 are newly added to the processing procedure of FIG. 13, and thus the description of the same steps will be omitted below. .

  That is, in this processing procedure, when it is determined in step S102 that the request type is an authority addition request (step S102: authority addition request), the user management server 2 determines in step S108 the delegation information registration table T3. −1, it is determined whether or not the user is a delegation target user. As a result of this determination, when it is determined that the user is a delegation target user (step S108: Yes), the user management server 2 shifts the process to the process of step S105. On the other hand, if it is determined in step S108 that the user is not a delegation target user (step S108: No), the user management server 2 shifts the process to step S109 and executes a delegation error process.

  According to such a configuration, since it is possible to designate a delegation target user, it becomes possible to change the delegation condition even if the billing destination is delegated or not by a different user, so that more flexible print management Can be done.

  As a transfer target user, only a single user or a plurality of users may be registered. In addition, in a configuration in which users are managed in groups, groups may be registered.

  In the above-described embodiment, the case where the image forming apparatus 3 is a multifunction peripheral (MFP) having a copy function, a scanner function, a facsimile (FAX) function, and a printer (printing) function has been described. Alternatively, other image forming apparatuses may be used. For example, a laser printer (LP: Laser Printer) may be used.

  In the above-described embodiment, functions (copy function, scanner function, FAX function, print function, etc.) that can be used for a plurality of users and can be used for each user by setting the authority for use for each user. Although the case of the image forming apparatus 3 has been described as an apparatus capable of limiting the usage amount (upper limit number of color printing, upper limit number of monochrome printing, etc.), the present invention is not limited to this, and other information processing apparatuses are used. For example, a projector, a portable information processing terminal, or the like can be used.

  In the above-described embodiment, the case where the client terminal device 4 is a PC has been described. However, the present invention is not limited to this, and other types of devices may be used. For example, a portable information processing terminal may be used. Is possible.

  Moreover, although embodiment mentioned above demonstrated the form provided with the user management server 2, it is not limited to it, Each module (The request | requirement reception part 20a, the authentication part 20b, the authority management part 20c, and delegation management provided with the user management server 2) The unit 20d) is configured to be provided in another information processing apparatus (any one client terminal apparatus 4 of the plurality of client terminal apparatuses 4 or any one image forming apparatus 3 of the plurality of image forming apparatuses 3). You may do it.

  In the above-described embodiment, the method for setting the delegation information using the authority transfer setting screen S1 (Web UI) has been described. However, the present invention is not limited to this, and other methods may be used. For example, Windows (registration) It is also possible to adopt a form of importing / exporting from a file such as a trademark application or an XML file.

  In the above-described embodiment, although not specifically described, it is possible to provide means for the system administrator to perform initial setting of delegation information for each user. Specifically, for example, in the image forming apparatus 3 or the user management server 2, when the system administrator logs in, the initial setting reception unit of the user management server 2 performs initial setting of the delegation information of each user by the system administrator. The delegation management unit 20d is configured to perform initial setting of delegation information based on the initial setting received by the above-described initial setting receiving unit. According to such a configuration, it is possible to reduce management costs and improve convenience.

  The program for executing the processing procedure in the above-described embodiment can be provided by being incorporated in advance in a storage unit such as a ROM of each device (user management server 2, image forming device 3, and print server 5). Further, the above-described program can be provided by being stored in a computer-readable storage medium as a file in an installable or executable format. Furthermore, the above-described program can be provided or distributed via a network such as the Internet.

  Moreover, although some embodiment of this invention was described, these embodiment is shown as an example and is not intending limiting the range of invention. These novel embodiments can be implemented in various other forms, and various omissions, replacements, and changes can be made without departing from the scope of the invention. These embodiments and modifications thereof are included in the scope and gist of the invention, and are included in the invention described in the claims and the equivalents thereof.

1 Information processing system 2 User management server (management device)
3 Image forming device (information processing device)
4 Client terminal device 5 Print server (print management device)
20a Request receiving part (request receiving means)
20b Authentication unit (authentication means)
20c Authority management section (authority management means)
20d Delegation Management Department (Delegation Management Means)
30a Input / output unit 30b Control unit (function limiting means, period designation receiving means)
30c Authentication request part 30d Authority judgment part 30e Period judgment part (period management means)

JP 2009-151510 A

Claims (11)

An information processing system comprising an information processing device and a management device,
The management device
Delegation management means for managing delegation information capable of specifying the authority of use of the information processing device to be delegated to other users registered in association with identification information of a delegation source user who has authority to use the information processing device When,
When the information processing apparatus receives an authority addition request for requesting addition of authority to use the information processing apparatus for the other user, information that can identify a user who delegates the authority included in the authority addition request Request acceptance means for acquiring the delegation information of the user who delegates the authority based on the delegation management means and transmitting the information to the information processing apparatus;
An information processing system. The management device
A receiving means for receiving the delegation information individually set by each user;
The information processing system according to claim 1, wherein the delegation management unit registers and manages delegation information based on delegation information received by the reception unit. The information processing apparatus includes:
A period management means for setting and managing a period for delegating authority;
When the period managed by the period management unit elapses, a function limiting unit that disables a function that can be used by the delegated authority; and
The information processing system according to claim 1, further comprising: The information processing apparatus includes:
A period designation accepting unit for accepting designation of the period when the authority addition request is generated;
The information processing system according to any one of claims 1 to 3, wherein the period management unit sets the period based on acceptance of the period designation reception unit. An authentication unit that manages authentication information for each user registered in association with the user identification information;
The request accepting unit, when receiving the authority addition request from the information processing apparatus, delegates the authority based on the authority delegation password registered in the authentication information included in the authority addition request. The information processing system according to any one of claims 1 to 4, wherein the delegation information is acquired from the delegation management unit.   The information processing system according to claim 5, wherein the authentication information further registers identification information of a user to whom authority is delegated.   The information according to any one of claims 1 to 6, wherein the delegation management unit manages the delegation information for further registering information indicating a user whose authority is to be delegated in association with identification information for each user. Processing system. The management device
An initial setting receiving means for receiving an initial setting of the delegation information by a system administrator;
The information processing system according to any one of claims 1 to 7, wherein the delegation management unit performs an initial setting of the delegation information based on an initial setting received by the initial setting reception unit. The information processing apparatus is an image forming apparatus that forms an image on a recording medium,
A print management device for managing print data;
The information processing apparatus includes:
A determination unit that determines a print job that can be executed in a list of print jobs of a user to whom the authority is delegated based on the delegation information received from the management device;
The information processing system according to any one of claims 2 to 8, further comprising: Delegation management means for managing delegation information capable of specifying the authority of use of the information processing apparatus to be delegated to other users registered in association with identification information of a delegation source user having authority to use the information processing apparatus; ,
When the information processing apparatus receives an authority addition request for requesting addition of authority to use the information processing apparatus for the other user, information that can identify a user who delegates the authority included in the authority addition request Request acceptance means for acquiring the delegation information of the user who delegates the authority based on the delegation management means and transmitting the information to the information processing apparatus;
A management device. Computer
Delegation management means for managing delegation information capable of specifying the authority of use of the information processing apparatus to be delegated to other users registered in association with identification information of a delegation source user having authority to use the information processing apparatus; ,
When the information processing apparatus receives an authority addition request for requesting addition of authority to use the information processing apparatus for the other user, information that can identify a user who delegates the authority included in the authority addition request Request acceptance means for acquiring the delegation information of the user who delegates the authority based on the delegation management means and transmitting the information to the information processing apparatus;
Program to make it work.

Images