Next, a first exemplary embodiment will be described while referring to the drawings.
As shown in
In
A system administrator utility (AU) 100 is operated on, for example, the server PC (application server) shown in
The user information server (AD) 101 holds user information 110 such as a user ID and a password. Then, in the network system, the user information server (AD) 101 holds function restriction information (ACL) 107 which indicates which function of the multi function copying machine (MFP) 104 can be used for each user. The user information server (AD) 101 is operated on, for example, a directory server 203 shown in
A ticket issuing server (SA) 102 is operated, for example, on the server PC 202 shown in
The printer driver (Drv) 103 is operated, for example, on the client PCs 211 to 213 and 221 to 223 shown in
An actual performance collection server (JSS) 106 is configured to count, for example, the actual performance of job execution by the respective users to be notified by an actual performance collection client 109, which will be described below, across a plurality of devices (the MFP 104). Herein, the actual performance of the job execution includes, for example, the actual performance value of the printed sheet number. Then, the actual performance collection server (JSS) 106 holds a user job issuance state 108 that is an execution state of jobs by the respective users in the entire network system. In the example shown in
The user job issuance state 108 is information indicating whether or not after the ACT 105 is issued, the job using the ACT 105 has been completed for the respective users. The user job issuance state 108 is saved in the actual performance collection server (JSS) 106 as data that is managed by the actual performance collection server (JSS) 106.
The actual performance collection client (JSS Client) 109 is provided to each of the multi function copying machines (MFP) 104 and is operated in the multi function copying machine (MFP) 104. The actual performance collection client (JSS Client) 109 informs the actual performance collection server (JSS) 106 of the actual performance of the job execution by the respective users in the multi function copying machine (MFP) 104 to which the actual performance collection client itself belongs. In this way, the actual performance of the job execution by the respective users in the network system is held at the actual performance collection client (JSS Client) 109.
It should be noted that the actual performance of the job execution in the plurality of multi function copying machines (MFP) 104 may be counted by the actual performance collection client (JSS Client) 109.
Next, while referring to
In
To be more specific, according to this exemplary embodiment, the network 201 is structured by Ethernet (registered trademark) and operated by an authentication VLAN (Virtual LAN). The “authentication VLAN” refers to a virtual LAN (VLAN) which is capable of managing and restricting accesses for each user by using the user ID and the password but which does not manage or restrict accesses for each terminal (for example, PC or MFP). Therefore, when the user logs in to the network 201 from any terminal, the user can only access a terminal belonging to a permitted VLAN but cannot access a terminal belonging to an unpermitted VLAN.
The server PC 202 is provided with a computer supporting an OS (Operating System) such as Microsoft Windows (registered trademark) or UNIX (registered trademark) and an application program for realizing the OS and a management function and the like of the OS. The system administrator utility (AU) 100 and the actual performance collection server (JSS) 106 shown in
The directory server 203 holds the function restriction information (ACL) 107, the user information 110, and the like. The user information server (AD) 101 shown in
The authentication VLAN server 204 is configured to manage setting information of the authentication VLAN. According to this exemplary embodiment, the authentication VLAN server 204 includes a management table 204a for managing an ID of a user for logging in to the network 201, a password of the user, and a name of the VLAN allocated to the user. The management table 204a may be created by the system administrator or may be automatically created by the authentication VLAN server 204 on the basis of information sent from the client PCs 211 to 213 and 221 to 223.
When the user logs in to the network 201, the IP address management server 205 operates in association with the authentication VLAN server 204 to allocate IP addresses to the terminals (the client PCs 211 to 213 and 221 to 223, and the like). According to this exemplary embodiment, the IP address management server 205 includes a management table 205a for managing a name of the VLAN, an IP address range in the VLAN, and a subnet mask of the IP address. The management table 205a may be created by the system administrator or may be automatically created by the IP address management server 205 on the basis of information sent from the client PCs 211 to 213 and 221 to 223. It should be noted that a protocol for managing the IP address includes, for example, DHCP (Dynamic Host Configuration Protocol).
The VLANs 206 and 207 are logical VLANs composed of the authentication VLAN. It should be noted that herein a name of the VLAN 206 is set as “VLAN 1” and a name of the VLAN 207 is set as “VLAN 2”.
Authentication VLAN switches 208 and 209 are switches for composing the authentication VLAN and are configured to control packets to be sent to the network 201. For example, the authentication VLAN switch 208 performs control such that packets sent from the VLAN 206 are prevented from being sent to another VLAN such as the VLAN 207. It should be noted that according to this exemplary embodiment, the server PC 202, the directory server 203, the authentication VLAN server 204, and the IP address management server 205 are set to be accessible from any of the VLANs 205 and 206.
The client PCs 211 to 213 and 221 to 223 are each provided with a computer supporting an OS such as Microsoft Windows (registered trademark) or UNIX (registered trademark). The printer driver (Drv) 103 shown in
The devices 214 to 216 and 224 to 226 are equivalent to the multi function copying machine (MFP) 104 shown in
It should be noted that the above-described configuration is merely an example. For example, all of the actual performance collection client 109, the ticket issuing server (SA) 102, the printer driver (Drv) 103, and the like other than the multi function copying machine (MFP) 104 shown in
In other words, an interface between the printer driver (Drv) 103 and the ticket issuing server (SA) 102 may be a physical communication medium or may be composed of a logical interface formed in a software manner for message communication. Herein, the physical communication medium is, for example, a network, a local interface, a CPU bus, etc. Similarly, an interface between the ticket issuing server (SA) 102 and the actual performance collection server (JSS) 106 may be composed of a physical communication medium or a logical interface. Then, an interface between the ticket issuing server (SA) 102 and the user information server (AD) 101 and an interface between the actual performance collection client 109 and the actual performance collection server (JSS) 106 may be composed of a physical communication medium or a logical interface.
In addition, the devices 214 to 216 and 224 to 226 are not limited to the multi function copying machine (MFP). For example, the devices 214 to 216 and 224 to 226 may be a printer, a copying machine, a fax machine, a scanner device, and the like. Furthermore, the above-described functions may be executed while a CPU executes a program or may be realized by way of mounting of a hardware circuit.
In
The RAM 503 functions as a main memory of the CPU 501, a work area, or the like. A key board controller (KBC) 505 is configured to control instruction inputs from a key board (KB) 509, a pointing device not shown in the drawing, and the like. A CRT controller (CRTC) 506 is configured to control display of a CRT display (CRT) 510.
A disc controller (DKC) 507 is configured to control accesses of the hard disc drive (HD) 511 that stores a boot program, various application programs, an editing file, a user file, etc., and a flexible disc controller (FD) 512. A network interface card (NIC) 508 is configured to exchange data bidirectionally with an external device via the network 201.
It should be noted that as a user interface of the server PC 202, there are a device physically connected to the server PC 202 such as the KB 509 and the CRT 510 as well as a Web interface with use of HTTP/HTML, or the like. Thus, it is possible to operate the server PC 202 via the network 201 from an administrator's computer that is connected to the network 201 and is not shown in the drawing.
In addition, the directory server 203, the authentication VLAN server 204, and the IP address management server 205 can also be realized by using the hardware shown in
In
A CPU 2001 is a controller for controlling the entirety of the system. A RAM 2002 is a system work memory for operating the CPU 2001 and is also an image memory for temporarily storing image data. A ROM 2003 is a boot ROM, which stores a boot program for the system. An HDD 2004 is a hard disc drive, which stores a system software, image data, history record (log), and the like.
An operation unit I/F 2006 is an interface unit with respect to an operation unit (UI: User Interface) 2012 having a touch panel, and is configured to output image data to be displayed on the operation unit 2012, to the operation unit 2012. Then, the operation unit I/F 2006 also has a function of informing the CPU 2001 of the information input by the user from the operation unit 2012. A network I/F 2010 is connected to the network 201 and is configured to input and output the information.
A modem 2050 is connected, for example, to a public circuit and is configured to input and output the information.
An IC card slot 2100 is configured to input an appropriate PIN (Personal Identifier Number) code after an IC card medium is inserted. As a result, it is possible to input and output a key used for encoding and decoding.
An image bus I/F 2005 connects a system bus 2007 to an image bus 2008 for transferring the data at a high speed and functions as a bus bridge for converting data structure. The image bus 2008 is composed of a PCI bus or IEEE1394. On the image bus 2008, the following devices are arranged.
A raster image processor (RIP) 2060 is configured to develop a PDL code into a bit map image. A device I/F 2020 connects the scanner 2070 and the printer 2095 which are image input and output device with a control unit 2000 to perform conversion of synchronous system/asynchronous system of the image data. A scanner image processing unit 2080 is configured to perform correction, processing, editing, and the like on the input image data. A printer image processing unit 2090 is configured to perform printer correction, resolution conversion, and the like on print output image. An image rotation unit 2030 is configured to perform rotation of the image data. An image compression unit 2040 is configured to perform a compression and expansion process based on JPEG on multivalued image data and to perform a compression and expansion process based on JBIG, MMR, or MH on binary image data.
An encode and decode processing unit 2110 is a hardware accelerator board for performing an encode and decode processing on the data with use of a key input in an IC card slot 2100. An OCR and OMR processing unit 2111 is configured to perform a process for decoding character information or a two dimensional barcode included in the image data to be converted for the character encode.
Next, an operation outline of the entire network system according to this exemplary embodiment will be described. First, the system administrator utility (AU) 100 sets the function restriction information (ACL) 107 for each user with respect to the user information server (AD) 101. As a result, the function restriction information (ACL) 107 is saved in the user information server (AD) 101.
Next, when a job (such as a print job) is issued to the multi function copying machine (MFP) 104, with use of an ID of a user as an argument, the printer driver (Drv) 103 requests the ticket issuing server (SA) 102 to issue the ACT 105 in which a function that can be used by the user is described. In other words, the printer driver (Drv) 103 sends to the ticket issuing server (SA) 102 an ACT issuance request of the identification information (the user ID) of the user to which the job such as the print job is to be issued.
Next, the ticket issuing server (SA) 102 obtains the function restriction information (ACL) 107 corresponding to the user to which the job is to be issued, among the function restriction information (ACL) 107 stored in the user information server (AD) 101. Furthermore, the ticket issuing server (SA) 102 obtains the actual performance of the job execution by the user to which the job is to be issued from the actual performance collection server (JSS) 106. Herein, the user to which the job is to be issued is identified on the basis of the user identification information included in the ACT issuance request.
Next, the ticket issuing server (SA) 102 determines a setting content of the job that should be permitted to the user on the basis of the function restriction information (ACL) 107 obtained from the user information server (AD) 101 and the actual performance of the job execution obtained from the actual performance collection server (JSS) 106. The ticket issuing server (SA) 102 generates the ACT 105 that reflects the determined job setting content and provides an electronic signature for proving that the ACT is issued by the ticket issuing server (SA) 102. Then, the ticket issuing server (SA) 102 returns the electronically signed ACT 105 to the Drv 103.
Next, the printer driver (Drv) 103 adds the ACT 105 received from the ticket issuing server (SA) 102 as a part of a header before the job is sent to the multi function copying machine (MFP) 104. Then, the printer driver (Drv) 103 sends the job to which the ACT 105 is added to the multi function copying machine (MFP) 104 to execute the job.
In
The multi function copying machine (MFP) 104 having received the job 600 of the above-described content compares a list of usable devices described in the access control token 602 of the received job 600 with the request content described in the body part 603. Then, when the request content is included in the usable function, the multi function copying machine (MFP) 104 executes the request content. On the other hand, when the request content is not included in the usable function, the multi function copying machine (MFP) 104 cancels the job 600.
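The issuance and device-side check described above can be sketched as follows; this is an added example, not part of the original text. HMAC-SHA256 stands in for the electronic signature (a deployment would normally use an asymmetric signature so the device holds no signing key), and the JSON layout, all names and sample values, the remaining-sheets calculation and the user-binding check are assumptions.

```python
import hashlib
import hmac
import json

# All values below are constructed for illustration.
SA_KEY = b"constructed-demo-key"                    # stand-in for the SA's signing key
USER_VLAN = {"alice": "VLAN 1", "bob": "VLAN 2"}    # user -> VLAN (cf. table 204a)
ACL = {                                             # ACL 107: one ACL per VLAN, one row per user
    "VLAN 1": {"alice": {"functions": ["print", "copy"], "max_sheets": 100}},
    "VLAN 2": {"bob": {"functions": ["print", "copy", "send"], "max_sheets": 500}},
}
USAGE = {"alice": 90, "bob": 0}                     # JSS 106: sheets already printed


def sign(payload: bytes, key: bytes = SA_KEY) -> str:
    """HMAC-SHA256 over the exact payload bytes (stand-in for the SA's signature)."""
    return hmac.new(key, payload, hashlib.sha256).hexdigest()


def issue_act(user_id: str) -> dict:
    """SA 102: combine the user's ACL row with JSS usage and return a signed ACT."""
    row = ACL.get(USER_VLAN.get(user_id), {}).get(user_id)
    if row is None:
        raise PermissionError(f"no ACL entry for {user_id!r}")
    claims = {
        "user": user_id,
        "functions": sorted(row["functions"]),
        # Assumption: the ACT carries what is left of the sheet quota.
        "sheets_remaining": max(row["max_sheets"] - USAGE.get(user_id, 0), 0),
    }
    # Canonical serialization so signer and verifier hash identical bytes.
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":"))
    return {"payload": payload, "signature": sign(payload.encode())}


def build_job(user_id, act, function, sheets):
    """Drv 103: job 600 = authentication information + ACT header + body part."""
    return {"auth": {"user": user_id}, "act": act,
            "body": {"function": function, "sheets": sheets}}


def mfp_check_job(job: dict) -> tuple:
    """MFP 104: verify the ACT, then compare the body part against it."""
    act = job.get("act") or {}
    payload, signature = act.get("payload", ""), act.get("signature", "")
    # Verify the signature before parsing or trusting any field of the ACT.
    if not hmac.compare_digest(sign(payload.encode()).encode(), signature.encode()):
        return False, "invalid signature"
    claims = json.loads(payload)
    # Added check (assumption): the ACT must belong to the authenticated user.
    if claims["user"] != job["auth"]["user"]:
        return False, "ACT issued to a different user"
    body = job["body"]
    if body["function"] not in claims["functions"]:
        return False, "function not permitted"
    if body.get("sheets", 0) > claims["sheets_remaining"]:
        return False, "sheet limit exceeded"
    return True, "ok"


if __name__ == "__main__":
    act = issue_act("alice")
    for function, sheets in [("print", 5), ("print", 20), ("send", 0)]:
        print(function, sheets, mfp_check_job(build_job("alice", act, function, sheets)))
```

Because the device trusts only what the signature covers, a job whose ACT payload was edited after issuance, or whose ACT was issued to another user, is cancelled before the body part is compared.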
In
A description 702 is a part where the functions of the multi function copying machine (MFP) 104 that are usable by the user who obtains the access control token 602 are described. In the example shown in
A description 703 is a part where an upper limit value of the print sheet number in the multi function copying machine (MFP) 104 that can be used by the user who obtains the access control token 602 is described. In the example shown in
In the ACL 107, for each of the users belonging to the VLAN allocated to the ACL 107, the function restriction information related to the restriction of the respective functions that the multi function copying machine (MFP) 104 has is set.
Next, while referring to a flowchart of
First, in Step S101, the system administrator utility (AU) 100 obtains, from the authentication VLAN server 204, VLAN information related to VLAN that is set with respect to the network 201. Then, the system administrator utility (AU) 100 creates a list of VLANs managed in the network 201.
Next, in Step S102, the system administrator utility (AU) 100 obtains, from the user information server (AD) 101 operating on the directory server 203, a list of users managed in the network 201 (the user information 110). Then, the system administrator utility (AU) 100 creates a list of users managed in the network 201.
Next, in Step S103, the system administrator utility (AU) 100 takes out unprocessed VLAN data from the list created in Step S101. Furthermore, the system administrator utility (AU) 100 takes out, from the ACL 107 held in the user information server (AD) 101, the ACL 107 for the unprocessed VLAN. Then, the system administrator utility (AU) 100 displays the ACL 107 for the unprocessed VLAN on the user interface.
Next, in Step S104, the system administrator utility (AU) 100 takes out, from the list of users created in Step S102, unprocessed user data.
Next, in Step S105, the system administrator utility (AU) 100 asks the authentication VLAN server 204 whether or not the unprocessed user taken out in Step S104 belongs to the unprocessed VLAN taken out in Step S103. Then, the system administrator utility (AU) 100 determines whether or not the unprocessed user taken out in Step S104 belongs to the unprocessed VLAN taken out in Step S103 on the basis of this inquiry. As a result of this determination, in a case where the unprocessed user taken out in Step S104 belongs to the unprocessed VLAN taken out in Step S103, a process in Step S106 is executed. On the other hand, in a case where the unprocessed user taken out in Step S104 does not belong to the unprocessed VLAN taken out in Step S103, a process in Step S107 is executed.
In Step S106, the system administrator utility (AU) 100 enables input to an entry (row) of the user determined to belong to the unprocessed VLAN in a display area of the ACL 107 for the unprocessed VLAN displayed in Step S103.
On the other hand, in Step S107, the system administrator utility (AU) 100 disables an entry (row) of the user determined to belong to the unprocessed VLAN in the display area of the ACL 107 for the unprocessed VLAN displayed in Step S103.
Next, in Step S108, the system administrator utility (AU) 100 sets the unprocessed user taken out in Step S104 as processed in the user list created in Step S102. Then, the system administrator utility (AU) 100 determines whether or not all the users in the user list created in Step S102 are set as processed. As a result of this determination, in a case where all the users are set as processed, a process in Step S109 is executed. On the other hand, in a case where not all the users are set as processed, the process in Steps S104 to S108 is repeatedly performed until all the users are set as processed.
Next, in Step S109, the system administrator utility (AU) 100 sets the restriction for the user belonging to the unprocessed VLAN on the basis of the operation of the system administrator with respect to the ACL 107 for the unprocessed VLAN displayed in Step S103. It should be noted that the system administrator uses the user interface provided to the system administrator utility (AU) 100 to perform the operation on the ACL 107 for the unprocessed VLAN. Then, the restriction for the user includes an item of a function restricted to the user, an upper limit value, and the like, as described above.
Next, in Step S110, the system administrator utility (AU) 100 sets the unprocessed VLAN taken out in Step S103 as processed in the VLAN list created in Step S101. Then, the system administrator utility (AU) 100 determines whether or not all the VLANs in the VLAN list created in Step S101 are set as processed. As a result of this determination, in a case where all the VLANs are set as processed, this process sequence is ended. On the other hand, in a case where not all the VLANs are set as processed, the process in Step S103 to S110 is repeatedly performed until all the VLANs are set as processed.
As described above, according to this exemplary embodiment, while the operation is performed with use of the authentication VLAN, the network 201 is divided into groups of the plurality of VLANs 206 and 207. Then, in unit of the grouped VLANs 206 and 207, information related to the restriction of functions (the ACL 107) that can be used by the user who can access the VLANs 206 and 207 is set. As a result, regarding the users who can access the VLANs 206 and 207, the setting for the restriction of the functions of the devices 211 to 213 and 221 to 223 (the MFP 104) may be performed.
In addition, the ACL 107 is set in unit of the VLANs 206 and 207, and even when the network 201 is added to the application target of the function restriction, if the application target belongs to the VLANs 206 and 207, it is unnecessary to reset the ACL 107.
From the above-mentioned description, according to this exemplary embodiment, even in the large scale network environment with an enormous number of devices and users, it is possible to significantly reduce the costs generated when the administrator of the network 201 sets the function restriction.
Also, the devices 211 to 213 and 221 to 223 such as the MFP 104 compare the list of usable functions described in the access control token 602 of the job 600 with the request content described in the body part 603. Then, when the request content is included in the usable function, the request content is executed, and when the request content is not included, the job 600 is cancelled. In this way, when the function such as the MFP 104 is used, the function restriction information (the access control token 602) of the user who requests to use the function is obtained, and from the thus function restriction information, the function that can be used by the user is confirmed. Therefore, it is possible to appropriately perform the function restriction.
Moreover, in addition to the restriction on the execution items of functions that the MFP 104 or the like has, the execution upper limit value such as the limit number of sheets to be printed is set, thus making it possible to restrict the function such as the MFP 104 more appropriately.
It should be noted that according to this exemplary embodiment, the case where the network 201 is LAN such as Ethernet (registered trademark) has been described as the example, but the network 201 does not necessarily need to be LAN. For example, when the user is in another building, prefecture, or the like, in order that the remote user participates in the network system of this exemplary embodiment, the network 201 may be composed of WAN, the Internet, or the like. It should be noted that WAN is wide-area Ethernet (registered trademark) or a collective entity composed by connecting some LANs with high speed digital lines such as ISDN telephone lines. These connections can be realized through simple electrical connections with use of a few buses.
Also, according to this exemplary embodiment, the application target of the function restriction is a hardware such as the MFP 104, but the application target of the function restriction does not necessarily need to be a hardware. That is, as long as the function of the device connected to the network 201 is restricted, the application target of the function restriction may be set to a software such as the print driver 103.
In addition, according to this exemplary embodiment, the case where the network 201 is operated under the environment of the authentication VLAN has been described as the example. As described above, in the case where the network 201 is operated under the environment of the authentication VLAN, the management can be performed while the accessible range for the user is managed by the authentication VLAN server 204 and the ACL 107 is allocated for each authentication VLAN. However, the network 201 does not necessarily need to be operated under the environment of the authentication VLAN.
For example, the network 201 may be operated under the environment of a normal VLAN or a subnet group. In this case, the ACL is generated for each normal VLAN or subnet, whereby it is possible to restrict the function similarly to this exemplary embodiment. It should be noted that in the normal VLAN or the subnet, it is necessary to set the accessible range for the network 201, not for each user but for each client PC. Thus, it is necessary to set a correspondence table to understand which user uses which client PC.
It should be noted that in the above description, the subnet is a logical network, and for example, in the specification of IP v4, it is possible to specify which subnet each of the network addresses belong with use of a subnet mask. In this way, in a case where the network 201 is caused to operate under the environment of the subnet group, for example, the accessible range for the user may be managed by the IP address management server 205.
Also, according to this exemplary embodiment, the devices 211 to 213 and 221 to 223 (the MFP 104) determine whether or not the job 600 can be performed, but the configuration is not necessarily limited to the above. For example, when the printer driver (Drv) 103 generates a job, it may be determined whether or not the job can be executed by the device.
In addition, according to this exemplary embodiment, the printer driver (Drv) 103 obtains the ACT 105 from the ticket issuing server (SA) 102 and includes the access control token (ACT) 602 having the thus obtained ACT 105 in the job 600. However, the configuration is not necessarily limited to the above. For example, the devices 211 to 213 and 221 to 223 (the MFP 104) may obtain information equivalent to the access control token (ACT) 602.
To be more specific, for example, the printer driver (Drv) 103 issues a job including the authentication information 601 and the body part 603 (a job not including the access control token 602) to the devices 211 to 213 and 221 to 223 (the MFP 104). The devices 211 to 213 and 221 to 223 (the MFP 104) obtain the ACT 105 from the ticket issuing server (SA) 102 and also obtain the job from the printer driver (Drv) 103. Then, the devices 211 to 213 and 221 to 223 (the MFP 104) compare the list of usable functions described in the ACT 105 with the request content described in the body part 603 to determine whether or not the thus obtained job is to be executed on the basis of the comparison result.
Also, as in this exemplary embodiment, when the ACL 107 is generated for each VLAN, the management of the ACL 107 is facilitated and thus preferable, but the configuration is not necessarily limited to the above. For example, in the table shown in
When the above-described exemplary embodiment is operated, it is necessary to set the function restriction each time when a user of AD is added. However, according to an exemplary embodiment described below, it is possible to set the function restriction for a user group of AD. For this reason, even when a user is added, the restriction is applied for the belonging user group, and thus the setting is unnecessary.
It should be noted that the system according to this exemplary embodiment is composed of a device, a server, and a client PC which are connected on a network. Then, this system is a print management system for performing an access restriction for a user or a user group which uses the device and a job execution restriction for the number of printable sheets. It should be noted that herein the user group refers to a group including at least one user ID.
Denoted by reference numeral 100 is a system administrator utility (hereinafter referred to as AU). The AU 100 is configured to be operated on a server PC that is not shown in the drawing and to perform setting and management of the system. In particular, it is possible to set the function restriction information of the user information server 101.
Reference numeral 101 denotes a user information server (hereinafter referred to as AD). The user information server saves user information 110 such as the user ID and the password, user group information 111 indicating which user belongs to which user group, and further, function restriction information (hereinafter referred to as ACL) 107 indicating which function is allowed to be used by each user group in the system. The user information server 101 is realized, for example, with use of an LDAP server, an active directory server, or the like. It should be noted that the ACL 107 will be described in detail later.
Denoted by reference numeral 102 is a ticket issuing server (hereinafter referred to as SA). On the basis of the function restriction information of the respective user groups stored in the AD 101 and the job execution actual performance of the user group accumulated in the actual performance collection server 106, the ticket issuing server issues a ticket in which information about a usable function is described. This ticket is called access control token (hereinafter referred to as ACT). The ACT is data having a role of transmitting access restriction information for a user on the system from a server to a device. In the ACT, information related to upper limit values such as a function restriction item for job execution with respect to the user and a limit number of sheets to be printed is described.
Reference numeral 103 denotes a printer driver (hereinafter referred to as Drv). The Drv 103 is configured to be operated on a client PC not shown in the drawing. When the client PC is used, login is necessary in order to find out which user uses this client PC.
Denoted by reference numeral 104 is a multi function copying machine (hereinafter referred to as MFP). The MFP 104 has not only a function of copying an original on paper, but also a function of printing print data sent from an external driver and further a function of reading an original on paper to send the image data to an external file server or a mail address (SEND function).
Reference numeral 105 denotes an access control token (hereinafter referred to as ACT). The ACT 105 is an ACT in which information about the executable function by the user in the MFP 104 or the printable upper limit sheet number is described.
Denoted by reference numeral 106 is an actual performance collection server (JSS). The JSS is configured to count the actual performance of the job execution printed sheet number for each user group, which is notified from an actual performance collection client 109 described below, across a plurality of print device printers (according to this exemplary embodiment, the MFP 104). Then, the JSS holds a user job issuance state 108 that is the print actual performance for each user group in the entire system. In this case, the job execution actual performance that the Drv 103 obtains from the MFP 104 is collected by the JSS 106 via the actual performance collection client 109.
Reference numeral 108 denotes a user job issuance state. This is information as to whether or not, after the ACT 105 is issued, a print job with use of the ACT is completed for each user. The user job issuance state 108 is counted for each user ID or each user group to which the user ID belongs. The user job issuance state 108 is saved in the JSS 106 as the data managed by the JSS 106.
Denoted by reference numeral 109 is an actual performance collection client (hereinafter referred to as JSS Client). The JSS Client 109 is operated on the MFP for each MFP. Then, the JSS Client 109 notifies the JSS 106 of the actual performance of the print sheet number of each user on the MFP. Alternatively, the job execution actual performance may be counted by the JSS Client 109 across a plurality of devices (for example, printers). Examples of the job execution actual performance include the actual performance of the print sheet number. As a result, the job execution actual performance of each of the users and the user group in the management system is held at the JSS Client 109.
A specific sequence is as follows:
Next, an example operation outline of the system shown in
The AU 100 sets the function restriction information for each user group in the AD 101; in other words, the AU 100 sets the ACL 107. When the Drv 103 issues a print job to the MFP 104, the Drv 103 requests the SA 102, with the user ID as an argument, to issue the ACT 105 describing the functions usable by this user. The SA 102 specifies the user group to which this user belongs. On the basis of the ACL 107 stored in the AD 101, the SA 102 issues the ACT 105 describing the usable functions and returns the ACT to the Drv 103. To send the job to the MFP 104, the Drv 103 adds the previously received ACT 105 to the job as a part of the header. Herein, the access control token 602 of
The MFP 104 having received the job compares the list of the usable functions described in the access control token 602 with the request content described in the body part 603. When the request content is included in the usable functions, the request is executed. If the request content is not included in the usable functions, the job is cancelled.
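The issue-and-check exchange described above, as an added Python sketch that is not part of the original text. The group names, function names, the `vlan` argument used to select an ACL, and the rule that a job without an ACT is cancelled are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed sample data (not from the page): ACL 107 as one ACL per VLAN,
# each mapping a user group to the MFP functions that group may use.
ACL_107 = {
    "vlan-10": {"staff": {"print_mono", "print_color", "copy"},
                "guest": {"print_mono"}},
    "vlan-20": {"staff": {"print_mono", "scan"}},
}
USER_GROUP = {"alice": "staff", "bob": "guest"}  # user ID -> user group (held by the AD)

@dataclass(frozen=True)
class ACT:
    user_id: str
    usable_functions: frozenset

@dataclass(frozen=True)
class Job:
    act: Optional[ACT]     # header part: the ACT attached by the Drv
    requested: frozenset   # body part: the functions the job asks for

def sa_issue_act(user_id, vlan):
    """SA: resolve the user's group, read the ACL, issue the ACT."""
    group = USER_GROUP.get(user_id)
    # An unknown user, group or VLAN yields an ACT with no usable function.
    functions = ACL_107.get(vlan, {}).get(group, set())
    return ACT(user_id, frozenset(functions))

def drv_build_job(user_id, vlan, requested):
    """Drv: request an ACT with the user ID, then attach it to the job header."""
    return Job(sa_issue_act(user_id, vlan), frozenset(requested))

def mfp_handle_job(job):
    """MFP: execute only if every requested function is listed in the ACT."""
    if job.act is None:  # assumption: a job that carries no ACT is cancelled
        return "cancelled"
    if job.requested <= job.act.usable_functions:
        return "executed"
    return "cancelled"
```

The decision is made on the device from the token alone, so a job is only as trustworthy as the ACT in its header.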
Moreover,
The ACL 107 is composed of a plurality of ACLs. An ACL is allocated per VLAN. In other words, one ACL is applied to one VLAN.
Within one such ACL, the function restriction information about each function of the MFP can be set and managed per user group, for the user groups capable of accessing the VLAN.
Next, a process in which the AU 100 sets the ACL 107 will be described.
In the description, in
The subject from now on is basically the AU 100. In Step S131, the AU 100 obtains VLAN information from the authentication VLAN server 204 and creates the VLAN list to be managed in the network 1.
In Step S132, the AU 100 obtains a list of users to be managed by the network 1 from the directory server 203 to create a user list.
In Step S133, the AU 100 takes out the data of an unprocessed VLAN from the VLAN list and further takes out the ACL for this VLAN from the ACL 107 and displays it on the user interface. In Step S134, the AU 100 takes out the data of an unprocessed user from the user list.
In Step S135, the AU 100 asks the authentication VLAN server 204 as to whether this user belongs to this VLAN. When this user belongs to this VLAN, a process in Step S136 is executed, and when this user does not belong to this VLAN, a process in Step S138 is executed. In Step S136, the AU 100 searches the directory server 203 for the user group to which this user belongs.
In Step S137, in the ACL display of this VLAN, the AU 100 enables the entry (row) of this user. In Step S138, in the ACL display of this VLAN, the AU 100 grays out the entry (row) of this user and disables it.
In Step S139, the AU 100 sets this user as processed and determines whether or not all the users in the user list are set as processed. When all the users are set as processed, a process in Step S140 is executed, and when not all the users are set as processed, the flow returns to Step S134. In Step S140, the user of the AU 100 (the system administrator) makes the ACL setting for this VLAN. In Step S141, the AU 100 sets this VLAN as processed and determines whether or not all the VLANs in the VLAN list are set as processed. When all the VLANs are set as processed, this process sequence is ended, and when not all the VLANs are set as processed, the flow returns to Step S133.
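Steps S131 to S141 as an added Python sketch, not code from the original text. The lookups against the authentication VLAN server 204 and the directory server 203 are modelled as plain dictionaries; the row layout, all sample names, and the rule that an edit to a grayed-out row is refused are assumptions.

```python
# Constructed sample data (not from the page).
VLAN_LIST = ["vlan-10", "vlan-20"]                               # S131
USER_LIST = ["alice", "bob", "carol"]                            # S132
VLAN_MEMBERS = {"vlan-10": {"alice", "bob"}, "vlan-20": {"carol"}}
USER_GROUPS = {"alice": "staff", "bob": "guest", "carol": "staff"}

def build_acl_display(vlan_list, user_list, vlan_members, user_groups, acl):
    """Return {vlan: [row, ...]}, one row per user in each VLAN's ACL display."""
    display = {}
    for vlan in vlan_list:                            # S133: next VLAN and its ACL
        vlan_acl = acl.get(vlan, {})
        rows = []
        for user in user_list:                        # S134: next user
            if user in vlan_members.get(vlan, set()):  # S135: VLAN membership
                group = user_groups.get(user)         # S136: group lookup
                rows.append({"user": user, "group": group, "enabled": True,  # S137
                             "functions": sorted(vlan_acl.get(group, ()))})
            else:                                     # S138: grayed out and disabled
                rows.append({"user": user, "group": None, "enabled": False,
                             "functions": []})
        display[vlan] = rows                          # S139/S141: all users processed
    return display

def apply_admin_setting(display, acl, vlan, user, functions):
    """S140: store the administrator's setting per user group.

    Assumption: an edit addressed to a disabled row is refused.
    """
    row = next((r for r in display.get(vlan, []) if r["user"] == user), None)
    if row is None or not row["enabled"] or row["group"] is None:
        return False
    acl.setdefault(vlan, {})[row["group"]] = set(functions)
    return True
```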
In order to operate various devices for realizing the functions of the above-described exemplary embodiments, a program code of software for realizing the functions of the above-described exemplary embodiments may be supplied to a computer in a device or a system connected to the various devices. The example of embodying the functions by operating the various devices on the basis of the programs stored in the computer (CPU or MPU) in the device or the system is in the scope of the present invention.
Also, in this case, a program code itself of the software realizes the functions of the above-described exemplary embodiments. Then, the program code itself, a unit configured to supply the program code to the computer, for example, a recording medium storing the program code constitutes the present invention. As the recording medium for storing the program code, for example, a flexible disc, a hard disc, an optical disc, an optomagnetic disc, a CD-ROM, a magnetic tape, a non-volatile memory card, a ROM, or the like can be used.
In addition, the functions of the above-described exemplary embodiments are realized not only when the computer executes the supplied program code but also when the program code works together with an operating system running on the computer, other application software, or the like. It is needless to mention that the program code is included in an exemplary embodiment of the present invention.
Moreover, after the supplied program code is stored in a memory provided to a function expansion board of the computer, a CPU or the like provided to the function expansion board executes a part or an entirety of the actual process on the basis of instructions of the program code. It is needless to mention that the case where the functions of the above-described exemplary embodiments are realized through the process is also in the scope of the present invention.
Furthermore, after the supplied program code is stored in a memory provided to a function expansion unit of the computer, a CPU or the like provided to the function expansion unit executes a part or an entirety of the actual process on the basis of instructions of the program code. It is needless to mention that the case where the functions of the above-described exemplary embodiments are realized through the process is also in the scope of the present invention.
While the present invention has been described with reference to exemplary embodiments, it is to be understood that the invention is not limited to the disclosed exemplary embodiments. The scope of the following claims is to be accorded the broadest interpretation so as to encompass all modifications, equivalent structures and functions.
This application claims the benefit of Japanese Applications No. 2006-134319 filed May 12, 2006 and No. 2007-082390 filed Mar. 27, 2007, which are hereby incorporated by reference herein in their entirety.
Number | Date | Country | Kind |
---|---|---|---|
2006-134319 | May 2006 | JP | national |
2007-082390 | Mar 2007 | JP | national |