To reduce the maintenance work for a change of organization (group) needed conventionally because the access right for shared documents are managed only with user ID or group ID.
An electronic data management server 1 maintains an access control list (ACL) relating user attribute information (post information of the organization, a range of administrative authority or the like) with a kind of access (for example, reference/reedition/update/deletion) for every document and controls the access for the document by the ACL for the request from clients 5A, 5B to manage the access right. By referring the ACL by the user attribute information, the user attribute is associated with the access right directly and the burden of the review of the constitution of the group, conventionally needed for reorganization, is reduced.