DETAILED ACTION
Continued Examination Under 37 CFR 1.114
A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection.  Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114.  Applicant's submission filed on 1/19/2021 has been entered.

Summary and Status of Claims
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
This Office Action is in response to Applicant’s reply filed 1/19/2021.
Claims 1-20 are pending.
Claims 1-5, 9-13, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Banks et al. (US Patent Pub 2014/0188938) in view of Prasad et al. (US Patent 7,568,217).
Claims 6-8 and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Banks et al. (US Patent Pub 2014/0188938) in view of Prasad et al. (US Patent 7,568,217), further in view of Roche et al. (US Patent 9,432,379).
The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.

Claim Objections
Claims 1, 9, and 17 are objected to
In claims 1, 9, and 17, in the “linking” limitation “both a user identifier” should be “both user identifiers” for consistency with features described at para. 0122 of the specification.
Claim 17 recites “a plurality of user profiles” and should be “a plurality of users” for consistency with the rest of the claim.  Examiner acknowledges “user profiles” are discussed in the specification, but does is not recited anywhere in the claims except for this specific instance.  Accordingly, Examiner suggests the amendment to make the limitation consistent with the rest of the claim.  
Appropriate correction is required.

Note on Prior Art Rejections
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

The text of those sections of Title 35, U.S. Code not included in this action can be found in a prior Office action.
The factual inquiries set forth in Graham v. John Deere Co., 383 U.S. 1, 148 USPQ 459 (1966), that are applied for establishing a background for determining obviousness under 35 U.S.C. 103 are summarized as follows:
1. Determining the scope and contents of the prior art.
2. Ascertaining the differences between the prior art and the claims at issue.
3. Resolving the level of ordinary skill in the pertinent art.
4. Considering objective evidence present in the application indicating obviousness or nonobviousness.
Claims 1-5, 9-13, and 17-20 are rejected under 35 U.S.C. 103 as being unpatentable over Banks et al. (US Patent Pub 2014/0188938) (Banks) in view of Prasad et al. (US Patent 7,568,217) (Prasad).
In regards to claim 1, Banks discloses a computer-implemented method for providing permissions to users of a database system, the method comprising:
a.	assigning, by the database system, one or more permission sets to a user based on an attribute of the user identified by the database system, each permission set comprising a container of a plurality of permissions, each permission granting access to an application or database resource stored on the database system, the attribute comprising a role (Banks at paras. 0017-18, 0022, 0030)1, the one or more permission sets being associated with the user and stored in a database (Banks at paras. 0030-0032, 0057)2, the assigning comprising:
i.	receiving criteria regarding the attribute (Banks at paras. 0017-18, 0053)3;
	ii.	identifying a plurality of users, the plurality including the user, based on the plurality of users being associated with attributes meeting the criteria (Banks at paras. 0017, 0030)4; and
iii.	linking each of the plurality of users to the one or more permission sets in response to the identifying the plurality of users by storing a permission set assignment object with records that comprise both a user identifier for the plurality of users and the one or more permission sets assigned to the identified plurality of users (Banks at para. 0057)5;
b.	detecting, by the database system, a start of a first user session associated with the user (Banks at para. 0032)6; 
c.	determining, by the database system, if the user satisfies one or more qualification requirements, the determination being triggered by the detection of the start of the first user session, the qualification requirement being different than the attribute (Banks at paras. 0023-25, 0060, 0064-66)7; 
d.	activating, by the database system, one or more permission sets linked to the user in the permission set assignment object directly in response to the detection of the start of the first user session and the user satisfying one or more qualification requirements (Banks at paras. 0060, 0064-66)8;
e.	enabling, by the database system, access to the user to the application or database resources stored on the database system associated with each permission of the one or more permission sets in response to the activation of the one or more permission sets, the access being blocked until the one or more permission sets is activated.  Banks at para. 0022.9
Banks does not expressly disclose the attribute comprising a role in a hierarchical role model, where users at one permission level have access to computing resources assigned to the one permission level and computing resources accessible by a lower permission level user, but do not have access to computing resources accessible to a user at a higher permission level.
Prasad discloses a system and method of using a role based access control system where a role refers to a class of users that are assigned a set of privileges on the network (i.e., permission set).  Prasad at col. 3, lines 39-40.  Prasad also discloses roles can be conditional.  Prasad at col. 3, lines 41-44.  Prasad further discloses roles can be assigned and defined by hierarchical relationships.  For example, a primary role, a role that would be assigned to everyone like an “employee”, would have the lowest level.  A “manager” would be an intermediate role that has a higher level than “employee” and an “administrator” role would have the highest level.  Each role level has the privileges of levels below it and the privileges exclusive to the role level.  Prasad at col. 7, lines 62-65; col. 8, lines 20-47.
Banks and Prasad are analogous art because they are both directed to the same field of endeavor of access permissions systems.  Much like Prasad, Banks utilizes roles that include one or more privileges and discloses users may be grouped or classified into different user groups.  Banks at para. 0017.  Therefore, while Banks does not expressly disclose a hierarchical role system, one of ordinary skill in the art would rely on Prasad and modify Banks to add the feature.
At the time before the effective filing date of the instant application, it would have been obvious to one of ordinary skill in the art to modify Banks by adding the features of the role in a hierarchical role model, where users at one permission level have access to computing resources assigned to the one permission level and computing resources accessible by a lower permission level user, but do not have access to computing resources accessible to a user at a higher permission level, as disclosed by Prasad.
The motivation for doing so would have been because providing a hierarchical role system allows administrators of the system a more efficient way of ensuring certain classes of users get the permissions they need while not having to maintain individual permissions for each user.  Prasad at col. 8, lines 15-27.  

In regards to claim 2, Banks in view of Prasad discloses the method of claim 1, further comprising activating an assignment of a first permission set and not a second permission set.  Banks at paras. 0022-25, 0032.10
In regards to claim 3, Banks in view of Prasad discloses the method of claim 1, further comprising revoking an activation of the assignment of the one or more permission sets based on detecting a termination of the first user session.  Banks at 0032, 0035.11
In regards to claim 4, Banks in view of Prasad discloses the method of claim 3, further comprising revoking an activation of the assignment of the one or more permission sets based on the user failing to continue to satisfy the one or more qualification requirements during the first user session.  Banks at para. 0035.12
In regards to claim 5, Banks in view of Prasad discloses the method of claim 4, further comprising revoking an activation of an assignment of a first permission set and not a second permission set.  Banks at paras. 0022-25, 0032-35.13
Claims 9-13 are essentially the same as claims 1-5, respectively, in the form of a computer program product comprising a non-transitory computer readable medium having computer program code therein (Banks at para. 0073).  Therefore, they are rejected for the same reasons.

In regards to claim 17, Banks discloses an apparatus for activating assignments of permission sets, the apparatus comprising:
a.	one or more processors (Banks at para. 0072); and
b.	a non-transitory computer readable medium storing a plurality of instructions (Banks at para. 0073), which when executed cause the one or more processors to:
i.	assign one or more permission sets to a user based on an attribute of the user identified by the database system, each permission set comprising a container of a plurality of permissions, each permission granting access to an application or database resource stored on the database system, the attribute comprising a role (Banks at paras. 0017-18, 0022, 0030)14, the one or more permission sets being associated with the user and stored in a database (Banks at paras. 0030-0032, 0057)15, the assigning comprising:
(1).	receiving criteria regarding the attribute (Banks at paras. 0017-18, 0053)16;
(2).	identifying a plurality of users, the plurality including the user, based on the plurality of users being associated with attributes meeting the criteria (Banks at paras. 0017, 0030)17; and
(3).	linking each of the plurality of users to the one or more permission sets in response to the identifying the plurality of users by storing a permission set assignment object with records that comprise both a user identifier for the plurality of users and the one or more permission sets assigned to the identified plurality of users (Banks at para. 0057)18;
ii.	detect a start of a first user session associated with the user (Banks at para. 0032)19; 
iii.	determine if the user satisfies one or more qualification requirements, the determination being triggered by the detection of the start of the first user session, the qualification requirement being different than the attribute (Banks at paras. 0023-25, 0060, 0064-66)20;
iv.	activate the one or more permission sets linked to the user in the permission set assignment object directly in response to the detection of the start of the first user session and the user satisfying the one or more qualification requirements (Banks at paras. 0060, 0064-66)21; and
v.	enable access to the user to the application or database resources stored on the database system associated with each permission of the one or more permission sets in response to the activation of the one or more permission sets, the accessing being blocked until the one or more permission sets is activated.  Banks at para. 0022.22
Banks does not expressly disclose the attribute comprising a role in a hierarchical role model, where users at one permission level have access to computing resources assigned to the one permission level and computing resources accessible by a lower permission level user, but do not have access to computing resources accessible to a user at a higher permission level.
Prasad discloses a system and method of using a role based access control system where a role refers to a class of users that are assigned a set of privileges on the network (i.e., permission set).  Prasad at col. 3, lines 39-40.  Prasad also discloses roles can be conditional.  Prasad at col. 3, lines 41-44.  Prasad further discloses roles can be assigned and defined by hierarchical relationships.  For example, a primary role, a role that would be assigned to everyone like an “employee”, would have the lowest level.  A “manager” would be an intermediate role that has a higher level than “employee” and an “administrator” role would have the highest level.  Each role level has the privileges of levels below it and the privileges exclusive to the role level.  Prasad at col. 7, lines 62-65; col. 8, lines 20-47.
Banks and Prasad are analogous art because they are both directed to the same field of endeavor of access permissions systems.  Much like Prasad, Banks utilizes roles that include one or more privileges and discloses users may be grouped or classified into different user groups.  Banks at para. 0017.  Therefore, while Banks does not expressly disclose a hierarchical role system, one of ordinary skill in the art would rely on Prasad and modify Banks to add the feature.
At the time before the effective filing date of the instant application, it would have been obvious to one of ordinary skill in the art to modify Banks by adding the features of the role in a hierarchical role model, where users at one permission level have access to computing resources assigned to the one permission level and computing resources accessible by a lower permission level user, but do not have access to computing resources accessible to a user at a higher permission level, as disclosed by Prasad.
The motivation for doing so would have been because providing a hierarchical role system allows administrators of the system a more efficient way of ensuring certain classes of users get the permissions they need while not having to maintain individual permissions for each user.  Prasad at col. 8, lines 15-27.  

In regards to claim 18, Banks in view of Prasad discloses the apparatus of claim 17, wherein the plurality of instructions, when executed, further cause the one or more processors to revoke an activation of the assignment of the one or more permission sets based on detecting a termination of the first user session.  Banks at 0032, 0035.23
In regards to claim 19, Banks in view of Prasad discloses the apparatus of claim 18, wherein the plurality of instructions, when executed, further cause the one or more processors to revoke an activation of the assignment of the one or more permission sets based on failing to continue to satisfy the one or more qualification requirements during the first user session.  Banks at para. 0035.24
In regards to claim 20, Banks in view of Prasad discloses the apparatus of claim 19, wherein the plurality of instructions, when executed, further cause the one or more processors to revoke the assignment of the one or more permission sets based on detecting of a start of a second user session and based on the second user session satisfying the one or more qualification requirements.  Banks at Fig. 3; paras. 0026-29, 0035.25

Claims 6-8 and 14-16 are rejected under 35 U.S.C. 103 as being unpatentable over Banks et al. (US Patent Pub 2014/0188938) (Banks) in view of Prasad et al. (US Patent 7,568,217) (Prasad), further in view of Roche et al. (US Patent 9,432,379) (Roche).
In regards to claim 6, Banks in view of Prasad discloses the method of claim 5, and provides the administrator with the ability to modify roles, which includes the conditions associated with them (Banks at paras. 0029-30) but does not expressly disclose wherein the one or more qualification requirements are updatable during the first user session.  
Roche discloses a system and method in a multi-tenant environment for managing user access using user characteristics (i.e., attributes) for authorization of a user by comparing them to application roles in application authorization profiles.  Roche at abstract.  Privileges granted can be controlled by any number of different variables including time, location, and application (i.e., qualifying requirements).  These variables and privileges can be changed at any time (i.e., updateable during the first user session).  Roche at col. 6, lines 65-67; col. 7, lines 1-9.
Banks, Prasad, and Roche are analogous art because they are all directed to the same field of endeavor of managing user permissions.
At the time before the effective filing date of the instant application, it would have been obvious to one of ordinary skill in the art to modify Banks in view of Prasad by adding the feature of wherein the one or more qualification requirements are updatable during the first user session, as disclosed by Roche.  Banks already discloses allowing administrators to modify the roles.  Roche simply adds the ability for the administrator to modify the roles at any time.
The motivation for doing so would have been to allow administrators the ability to dynamically define and modify privileges granted to a user.  Roche at col. 7, lines 1-4.

In regards to claim 7, Banks in view of Prasad and Roche discloses the method of claim 6, wherein the activating the assignment of the one or more permission sets is further based on the first user session satisfying the one or more qualification requirements.  Banks at Fig. 3; paras. 0058-67.26
In regards to claim 8, Banks in view of Prasad and Roche discloses the method of claim 7, further comprising activating the assignment of the one or more permission sets based on detecting of a start of a second user session and based on the second user session satisfying the one or more qualification requirements.  Banks at Fig. 3; paras. 0026-28, 0058-67.27
Claims 14-16 are essentially the same as claims 6-8, respectively, in the form of a computer program product.  Therefore, they are rejected for at least the same reasons.


Response to Amendment
Objection to claims 1 and 17 for Minor Informalities
Applicant’s amendment to claims 1 and 17 to address the minor informalities is acknowledged.  The amendment to claim 1 addresses the reason for the objection, but additional amendments raise new objections as set forth above.  The amendment to claim 17 does not address the objection as set forth in the objections above.  Consequently, the objections to claims 1 and 17 are maintained.

Response to Arguments
Rejection of Claims 1-20 under 35 U.S.C 112(b)
Applicant’s amendment to claims 1-20 is acknowledged.  While the amendments do not necessarily address the issues raised by the Examiner, based on Applicant’s amendments and para. 0122 of the specification, Examiner believes amending the claims, as suggested in the informality objections set forth above, would best resolve the issues.
For at least the reasons discussed above, the rejection to claims 1-20 under 35 U.S.C. 112(b) is withdrawn.      

Rejection of claims 1-20 under 35 U.S.C. 102(a)(1)
Applicant’s arguments in regards to the rejections to claims 1-20 under 35 U.S.C. 102(a)(1), have been fully considered and they are persuasive in that Short does not expressly disclose a “hierarchical role model” as now recited in the claim.  Consequently, the rejection of claims 1-20 under 35 U.S.C. 102(a)(1) is withdrawn.
However, upon further search and consideration, new grounds of rejection are set forth above as necessitated by Applicant’s amendments.  The new grounds of rejection rely on Banks, Prasad, and Roche.
Banks discloses a system and method for managing of conditional role activation for access to database resources.
Prasad discloses a system and method for using role based access control in a hierarchical role model.
Roche discloses a system and method for managing dynamically authorized access privileges in a multi-tenant environment.

Additional Prior Art
Additional relevant prior art are listed on the attached PTO-892 form.  Some examples are:
Lei et al. (US Patent 6,487,552) discloses a system and method for fine grained database access control that utilizes predicates and context attributes.
Prokupets et al. (US Patent Pub 2003/0023874) discloses a system and method for integrating security and access for information systems using a central database that stores access privileges for users.
Ho et al. (US Patent Pub 2004/0254934) discloses a system and method for high runtime performance for setting ACL rules and content management security using user profiles.
Fujiwara et al. (US Patent Pub 2005/0216468) discloses a system and method for database access control using attributes.
Sack et al. (US Patent Pub 2006/0248083) discloses a system and method for mandatory access control in a database system that provides consistent and flexible, role based security.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MICHAEL LE whose telephone number is (571)272-7970.  The examiner can normally be reached on M-F: 9:30am-6pm ET.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Tony Mahmoudi can be reached on 571-272-4078.  The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of an application may be obtained from the Patent Application Information Retrieval (PAIR) system.  Status information for published applications may be obtained from either Private PAIR or Public PAIR.  Status information for unpublished applications is available through Private PAIR only.  For more information about the PAIR system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).




/Michael Le/
Examiner, Art Unit 2163



	/TONY MAHMOUDI/               Supervisory Patent Examiner, Art Unit 2163                                                                                                                                                                                         


    
        
            
        
            
    

    
        1 A role is a container with one or more privileges for accessing data in the database (i.e., one or more permission sets comprising a plurality of permissions, each permission granting access to an application or database resource on the database system).  Roles can be assigned to individual users or to a group of users.  In the case of a group of users, the group has its own user ID, which is interpreted as a “role” of the limitation.  For example, a group of users could be assigned a user ID of “manager” (i.e., attribute comprising a role).  Therefore, admins assigning a role to a user group with user ID “manager” would assign a user belonging to the group the role based on the user’s group attribute being “manager.”
        2 Roles, which users they are assigned to, and conditions associated with the roles and users are stored in a portion of the database system (i.e., one or more permission sets … stored in a database).
        3 As discussed in para. 0017, users can be grouped based on different attributes, such as department or location, which user groups are identified by user IDs (i.e., criteria regarding the attribute).  These criteria are received by the role manager from the admin assigning the role to a user or users.
        4 A user group can be identified by a “user ID”.  An admin can assign roles (i.e., permission sets) to a user ID or user IDs, which represents a user group.  The role manager would accordingly identify users within the user group (i.e., identify a plurality of users, the plurality including the user) based on the user ID(s) provided by the admin (i.e., based on the plurality of users being associated with attributes meeting the criteria).
        5 Users (i.e., user identifiers), roles (i.e., permission sets), and predicates are associated with each other (i.e., linked) and stored in a table of the database system.
        6 Role activation process (i.e., activating one or more permission sets) can occur automatically upon a user login to the database (i.e., detecting a start of a first user session associated with the user).
        7 Upon login (i.e., triggered by detection of the start of the first user session), the verifier of the database system determines whether the user meets conditions (i.e., qualification requirements) associated with the role.  These conditions can be based on time of day, how a user connects to the database, etc (i.e., qualification requirements being different than the attribute).
        8 If user satisfies the required conditions (i.e., user satisfying one or more qualification requirements), the associated role is activated.
        9 A user, meeting the conditions of the role (i.e., satisfying qualification requirements) has their role (i.e., permission set) activated and subsequently, can access the data requested but cannot access the data until the role is activated.  
        10 Each roles has their own specific conditions.  Activation of a role (I.e., permission set) depends on whether a user satisfies the conditions of the role.  Therefore, a user given roles db_admin and hr_director might have db_admin activated because it is a Tuesday at 2AM, but the hr_director role may be denied activation because the network being used is insecure (i.e., activating a first permission set and not a second permission set).
        11 Conditions that must be satisfied to activate a role are checked upon a user logging in (i.e., session start) and are continually checked until one or more of the conditions fails, which results in an error notification that the role cannot be activated (i.e., revoking activation … based on detecting a termination of the first user session).  Moreover, it is also interpreted that activation is revoked upon end of a session because the system checks the conditions every time a user logs in, which would be unnecessary if the role remained activated despite a session ending.
        12 If at any point a condition is failed, the role is no longer activated (i.e., revoking activation … user failing to continue to satisfy the one or more qualification requirements during the first user session).
        13 Much like for activating one permission set and not a second permission set, revoking follows the same principles.  If a user fails to satisfy the conditions of a particular role, that role is deactivated while roles where the user continues to satisfy the conditions would remain activated.
        14 A role is a container with one or more privileges for accessing data in the database (i.e., one or more permission sets comprising a plurality of permissions, each permission granting access to an application or database resource on the database system).  Roles can be assigned to individual users or to a group of users.  In the case of a group of users, the group has its own user ID, which is interpreted as a “role” of the limitation.  For example, a group of users could be assigned a user ID of “manager” (i.e., attribute comprising a role).  Therefore, admins assigning a role to a user group with user ID “manager” would assign a user belonging to the group the role based on the user’s group attribute being “manager.”
        15 Roles, which users they are assigned to, and conditions associated with the roles and users are stored in a portion of the database system (i.e., one or more permission sets … stored in a database).
        16 As discussed in para. 0017, users can be grouped based on different attributes, such as department or location (i.e., criteria regarding the attribute).  These criteria are received by the role manager from the admin assigning the role to a user or users.
        17 A user group can be identified by a “user ID”.  An admin can assign roles (i.e., permission sets) to a user ID or user IDs, which represents a user group.  The role manager would accordingly identify users within the user group (i.e., identify a plurality of users, the plurality including the user) based on the user ID(s) provided by the admin (i.e., based on the plurality of users being associated with attributes meeting the criteria).
        18 Users (i.e., user identifiers), roles (i.e., permission sets), and predicates are associated with each other (i.e., linked) and stored in a table of the database system.
        19 Role activation process (i.e., activating one or more permission sets) can occur automatically upon a user login to the database (i.e., detecting a start of a first user session associated with the user).
        20 Upon login (i.e., triggered by detection of the start of the first user session), the verifier of the database system determines whether the user meets conditions (i.e., qualification requirements) associated with the role.  These conditions can be based on time of day, how a user connects to the database, etc (i.e., qualification requirements being different than the attribute).
        21 If user satisfies the required conditions (i.e., user satisfying one or more qualification requirements), the associated role is activated.
        22 A user, meeting the conditions of the role (i.e., satisfying qualification requirements) has their role (i.e., permission set) activated and subsequently, can access the data requested but cannot access the data until the role is activated.  
        23 Conditions that must be satisfied to activate a role are checked upon a user logging in (i.e., session start) and are continually checked until one or more of the conditions fails, which results in an error notification that the role cannot be activated (i.e., revoking activation … based on detecting a termination of the first user session).  Moreover, it is also interpreted that activation is revoked upon end of a session because the system checks the conditions every time a user logs in, which would be unnecessary if the role remained activated despite a session ending.
        24 If at any point a condition is failed, the role is no longer activated (i.e., revoking activation … user failing to continue to satisfy the one or more qualification requirements during the first user session).
        25 A second user may have an administrator role and based on logging in and satisfying the conditions of the admin role (i.e., based on detection of a second user session and second user session satisfying the one or more qualification requirements), the second user can remove a role from the first user (i.e., revoke the assignment of the permission set).  
        26 Upon a session start, the system determines whether the role has conditions (i.e., qualification requirements) and if so, determines whether the user satisfies the conditions for the role, the role is activated.
        27 A second user could have the same role (i.e., one or more permission set) assigned to them.  Upon logging in, the second user would have their session and attributes tested to ensure they satisfy the conditions (i.e., qualification requirements), which will allow the role to be activated for the second user.