DETAILED ACTION
Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .
Response to Arguments
Applicant’s arguments, see remarks, filed 1/14/2022, with respect to claims over prior art have been fully considered and are persuasive, see for example page 10 paragraph 5 and page 11 paragraph 3.  The 35 U.S.C. 103 rejection(s) of claims 1-20 has been withdrawn. 
Applicant’s arguments, see remarks, filed 1/14/2022, with respect to statutory eligibility of claims have been fully considered and are persuasive and in view of the claim amendments filed 1/14/2022, see for example page 8-10 points 1-4.  The 35 U.S.C. 101 rejection(s) of claims 1-20 has been withdrawn. 
Examiner’s Note: Applicant has made the necessary amendments to overcome the claim objection as well. 
Allowable Subject Matter
Claims 1-6, 8-16, and 18-20 are allowed. Claims 7 and 17 have been cancelled. 
The following is an examiner’s statement of reasons for allowance: 
The prior art, Frieder et al (US 8,271,527), discloses increasing refinement of role-based permission to access data within a Role Based Access Control (RBAC) controlled computer system by enabling constraints to be written on the role-based permissions. The constraints may utilize each and every type or combination of subject, object, or environment information extracted from sources internal or external to the 
The prior art, Curtis et al (US 11,108,828), discloses that a selection of a particular node in a permission graph display is received, where the particular node corresponds to a particular user. The graph is modified to display edges between the particular user node and nodes associated with resources of the service that the user is authorized to access in response to the received selection. The generated permission graph provides a traceable visualization between the connected nodes by using different appearances for the nodes to represent different application programming interface (API) calls associated with the resources.
However, the prior art, either alone or in combination does not expressly disclose:
“associating a granted permission set and a constrained permission set to a user profile in the access management system, wherein respective granted permissions in the granted permission set authorize the user profile to perform the respective granted permissions, and wherein respective constrained permissions in the constrained permission set preclude the user profile from performing the respective constrained permissions, wherein the constrained permission set supersedes the granted permission set, wherein the granted permission set is a first node in a policy graph including permissions for sub-nodes of the first node in the policy graph, and wherein the constrained permission set is a first sub-node of the first node; receiving a permission-based request at the access management system and from the user profile; determining, by the access management system, that the permission-based request is associated with a permission that is included in both the granted permission set and the constrained permission set; and rejecting, by the access management system, the permission-based request based on the policy graph and the constrained permission set superseding the granted permission set for the permission.”
Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure. 
Berg et al (US 2020/0120098): discloses multi-tenant authorization includes receiving, from a user account of a multi-tenant computer system, a request for a resource of the multi-tenant computer system. The method further includes determining whether the resource corresponds to a local resource that is local to the user account or to a nonlocal resource that is not local to the user account. The method further includes identifying, by a processing device, a local access control policy of the user account, corresponding to the local resource, or a visiting access control policy of the user account, corresponding to the nonlocal resource. The method further includes determining that the identified access control policy of the user account comprises an access permission corresponding to the resource. The method further includes 
Any inquiry concerning this communication or earlier communications from the examiner should be directed to KENDALL DOLLY whose telephone number is (571)270-1948. The examiner can normally be reached Monday-Thursday 7am-4pm(EST) and Friday 7am-11am(EST).
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Shewaye Gelagay can be reached on (571)272-4219. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000
/KENDALL DOLLY/