The role setting device is provided with an ACL classification unit for outputting access rule categories for associating at least one permission which is a set of a resource IDs for identifying a resource for which access is to be given and an action for defining whether operations on the resource are to be authorized or denied with a plurality of user IDs for identifying a plurality of users which are an accessing entity; an ID attribute storage unit for associating a plurality of user IDs with a plurality of attribute elements and storing thereof; a role definition storage unit for associating a plurality of attribute elements with a plurality of role definition names and storing thereof; and a role mapping unit for obtaining common attributes common to a plurality of user IDs from a plurality of attribute elements stored by the ID attribute storage unit on the basis of a plurality of user IDs of the access rule categories, and on the basis of the common attributes, obtaining a first role definition name from a plurality of role definition names stored by a role definition storage unit, and associating the access rule category with the first role definition name.
展开▼