SERVER APPARATUS, INFORMATION PROCESSING METHOD, PROGRAM, AND STORAGE MEDIUM

摘要

An information processing method for a server apparatus controlling access based on a role of a user and a scope as authority held by an authorization token for realizing a unified license management structure that does not reduce an overall performance of a cloud service even if a plurality of services collaborate with the cloud service.

主权项

1. A system including a fee-based integrated service that a user belonging to a tenant for which a license is set is able to use, a free integrated service, an authentication/authorization service, a print service, and a client,
wherein at least one of a plurality of central processing units (CPUs) included in the system functions as: a setting unit configured to, when a user uses the fee-based integrated service, assign a role to user information of the user and not to set a scope for authorization information issued based on the user information, and configured not to, when the user uses the free integrated service, assign a role to the user information of the user and to set a scope for the authorization information issued based on the user information; and an authorization unit configured to, in a case where a print request is transmitted from a web browser of the client to the print service via the fee-based integrated service, authorize use of the fee-based integrated service in a manner such that the print service transmits authorization information related to the print request to the authentication/authorization service, the authentication/authorization service verifies whether a role is assigned to the user information without verifying a definition of a scope linked to the authorization information, and the authorization unit, based on a determination by the authentication/authorization service that a role is assigned to the user information linked to the authorization information, authorizes the use of the fee-based service, and in a case where a print request is transmitted from the web browser of the client to the print service via the free integrated service, authorize use of the fee integrated service in a manner such that the print service transmits authorization information related to the print request to the authentication/authorization service, the authentication/authorization service verifies whether a scope linked to the authorization information is included in a scope for using the free integrated service, and the authorization unit, based on a determination by the authentication/authorization service that the scope linked to the authorization information is included in the scope for using the free integrated service, authorize the use of the free integrated service without the authentication/authorization service verifying whether a role is assigned to the user information linked to the authorization information.