Title of invention: Server apparatus, information processing method, program, and storage medium
Abstract: An information processing method for a server apparatus controlling access based on a role of a user and a scope as authority held by an authorization token for realizing a unified license management structure that does not reduce an overall performance of a cloud service even if a plurality of services collaborate with the cloud service.
Publication number: US9584506(B2) Publication date: 2017.02.28
Application number: US201514720604 Filing date: 2015.05.22
Applicant: Canon Kabushiki Kaisha Inventor: Funayama Hirotaka
Classification: H04L29/06;G06F21/33;H04L12/14 Main classification: H04L29/06
Agency: Canon U.S.A., Inc. IP Division Agent: Canon U.S.A., Inc. IP Division
Main claim: 1. A system including: a fee-based integrated service that a user belonging to a tenant for which a license is set is able to use, a free integrated service, an authentication/authorization service, a print service, and a client, wherein the fee-based integrated service, the free integrated service, the authentication/authorization service and the print service provide a cloud service, wherein at least one of a plurality of central processing units (CPUs) included in the system functions as: a setting unit configured to, when the user accessing the cloud service uses the fee-based integrated service, assign a role, which is a concept used for managing authority which is required when the user accesses the cloud service, to user information of the user and not to set a scope, which limits an act of the user, for first authorization information issued based on the user information, and configured not to, when the user uses the free integrated service, assign a role to the user information of the user and to set a scope for second authorization information issued based on the user information; and an authorization unit configured to, in a case where a first print request is transmitted from a web browser of the client to the print service via the fee-based integrated service, authorize use of the fee-based integrated service in a manner such that the print service transmits authorization information related to the first print request to the authentication/authorization service, the authentication/authorization service determines whether the role is assigned to the user information without verifying a definition of the scope linked to the first authorization information, and the authorization unit, based on a determination by the authentication/authorization service that the role is assigned to the user information linked to the first authorization information, authorizes the use of the fee-based service, and in a case where a second print request is transmitted from the web browser of the client to the print service via the free integrated service, authorize use of the free integrated service in a manner such that the print service transmits authorization information related to the second print request to the authentication/authorization service, the authentication/authorization service determines whether the scope linked to the second authorization information is included in a scope for using the free integrated service, and the authorization unit, based on a determination by the authentication/authorization service that the scope linked to the second authorization information is included in the scope for using the free integrated service, authorizes the use of the free integrated service without the authentication/authorization service verifying whether a role is assigned to the user information linked to the second authorization information.
Address: Tokyo JP