RESTRICTION INFORMATION GENERATION APPARATUS AND METHOD, PRINTING SYSTEM WITH FUNCTIONAL RESTRICTION, AND PRINTING AUTHENTICATION METHOD

Abstract

A restriction information generation apparatus configured to generate access restriction information to be transmitted from a client terminal to a printing apparatus to determine whether to permit/inhibit execution of a print job based on the access restriction information containing functional restriction information of the printing apparatus, comprises an acquisition unit, adapted to acquire, from a restriction information management server, functional restriction information directly assigned to a user specified by user information received from a requesting client terminal, and indirectly assigned functional restriction information; a merge unit, adapted to merge the pieces of functional restriction information acquired by the acquisition unit to generate access restriction information; and a transmission unit, adapted to transmit the access restriction information generated by the merge unit to the client terminal.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a view showing a general system configuration in the first embodiment;

FIG. 2 is a block diagram showing the hardware configuration of a server computer in which server software is installed in the first embodiment;

FIG. 3A is a table showing a settable functional restriction information list in the first embodiment;

FIG. 3B is a table (continued from FIG. 3A) showing the settable functional restriction information list in the first embodiment;

FIG. 4 is a view showing the directory structures of device information and user information stored in a user information server 1001 in the first embodiment;

FIG. 5A is a view showing the directory structure of a functional restriction information list stored in the user information server 1001 in the first embodiment;

FIG. 5B is a view (continued from FIG. 5A) showing the directory structure of the functional restriction information list stored in the user information server 1001 in the first embodiment;

FIG. 6 is a view showing the class structure of a user, group, role, functional restriction information list, and functional restriction information in the first embodiment;

FIG. 7 is a flowchart showing a process to list groups to which the user belongs, as a pre-process when issuing an access control token 1005 in the first embodiment;

FIG. 8 is a flowchart showing a group information analysis process in the first embodiment;

FIG. 9 is a flowchart showing a process to list roles by deleting repetitive roles from roles assigned to a user and group in the first embodiment;

FIG. 10 is a flowchart showing a process to acquire a functional restriction information list from the user information server 1001 and generate the access control token 1005 based on a role list generated by the flowchart in FIG. 9 in the first embodiment;

FIG. 11 is a table showing the merge condition of a merge process for the applied access control token 1005 in the first embodiment;

FIG. 12A is a view showing an example of the generated access control token 1005 in the first embodiment;

FIG. 12B is a view (continued from FIG. 12A) showing the example of the generated access control token 1005 in the first embodiment;

FIG. 13 is a table showing the merge condition of a merge process for the applied access control token 1005 in the second embodiment; and

FIG. 14 is a functional block diagram of the first embodiment.

Claims

1. A restriction information generation apparatus configured to generate access restriction information to be transmitted from a client terminal to a printing apparatus to determine whether to permit/inhibit execution of a print job based on the access restriction information containing functional restriction information of the printing apparatus, comprising: an acquisition unit, adapted to acquire, from a restriction information management server, functional restriction information directly assigned to a user specified by user information received from a requesting client terminal, and indirectly assigned functional restriction information;a merge unit, adapted to merge the pieces of functional restriction information acquired by said acquisition unit to generate access restriction information; anda transmission unit, adapted to transmit the access restriction information generated by said merge unit to the client terminal.

2. An apparatus according to claim 1, wherein said merge unit is configured to generate access restriction information in which a value of the most moderate restriction among the pieces of functional restriction information acquired by said acquisition unit is set for each item of the pieces of functional restriction information.

3. An apparatus according to claim 1, wherein said merge unit is configured to generate access restriction information in which a value of the severest restriction among the pieces of functional restriction information acquired by said acquisition unit is set for each item of the pieces of functional restriction information.

4. An apparatus according to claim 1, wherein the functional restriction information indirectly assigned to the user contains functional restriction information assigned to a group to which the user belongs directly or indirectly.

5. An apparatus according to claim 1, wherein if no functional restriction information is explicitly assigned to the user, the restriction information generation apparatus is configured to use default functional restriction information as the functional restriction information directly assigned to the user.

6. A restriction information generation method for a restriction information generation apparatus which generates access restriction information to be transmitted from a client terminal to a printing apparatus that determines whether to permit/inhibit execution of a print job based on the access restriction information containing functional restriction information of the printing apparatus, comprising: an acquiring step of acquiring, from a restriction information management server, functional restriction information directly assigned to a user specified by user information received from a requesting client terminal, and indirectly assigned functional restriction information;a merging step of merging the pieces of functional restriction information acquired in the acquiring step to generate access restriction information; anda transmitting step of transmitting the access restriction information generated in the merging step to the client terminal.

7. A printing system with functional restriction, comprising: a printing apparatus which is configured to determine whether to permit/inhibit execution of a print job based on access restriction information containing functional restriction information of the printing apparatus;a client terminal which is configured to transmit the access restriction information to the printing apparatus;a restriction information management server which is configured to save functional restriction information corresponding to each role assigned to a user or group; anda restriction information generation apparatus according to claim 1.

8. A printing authentication method for a printing system with functional restriction having a client terminal, a restriction information management server which saves functional restriction information corresponding to each role assigned to a user or group, a restriction information generation apparatus, and a printing apparatus, comprising: a requesting step of causing the client terminal to transmit an access restriction information generation request together with a user ID to the restriction information generation apparatus;a step of causing the restriction information generation apparatus to perform a method according to claim 6;a transmitting step of causing the client terminal to transmit the access restriction information together with a print job to the printing apparatus; anda determining step of causing the printing apparatus to determine whether to permit/inhibit execution of the print job based on the access restriction information containing functional restriction information of the printing apparatus.

9. A computer-readable recording medium on which a program for performing a method for generating access restriction information to be transmitted from a client terminal to a printing apparatus that determines whether to permit/inhibit execution of a print job based on the access restriction information containing functional restriction information of the printing apparatus, which program is configured to cause a computer to function as a restriction information generation apparatus according to claim 1.