DETAILED ACTION
This Office Action is in response to the amendment filed 11/3/2021 for application 16/299,404 filed.
Claims 1-20 are currently pending; claims 1, 18, and 19 are independent claims; claims 1, 18, and 19 have been amended; claims 1-20 have been examined.  
Notice of AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .  This Action is made FINAL.
Response to Arguments
The drawings filed 11/3/2021 are acceptable and the object to the drawings is removed.
The objection to claim 19 is removed in light of Applicant’s claim amendments filed 11/3/2021.
Applicants’ arguments, see Applicant Arguments/Remarks Made in an Amendment, filed 11/03/2021, with respect to the rejections of claims 1-20 have been fully considered but are not persuasive.
Applicant argues as follows:  Claim 1 as amended recites (in part): when the application implements a privileges model, the user is granted specific cluster and index privileges associated with a reserved role, which cannot be disabled using security driven feature control.  Neither Patel nor Hanhirova, either alone or in any theoretical combination, disclose these features. That is, the cited art does not disclose a reserved role that is specific to the application. Moreover, the reserved role cannot be disabled using the 
Examiner respectfully notes, that because of Applicant’s amendment, claims 1-3, 7, 8, 15, 16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Patel (US20170147790), filed November 24, 2015, in view of Hanhirova (US20170346862), filed May 27, 2016, and Elasticsearch security privileges guide (“guide”), eslatic.co/guide/en/elasticsearch/reference/master/security-privileges.html, June 23 2017, 7 pages.  Elasticsearch security privileges guide (“guide”) discloses when the application implements a privileges model, the user is granted specific cluster and index privileges associated with a reserved role, which cannot be disabled using security driven feature control (Guide, 6th page, bottom, application privileges and privilege models, 1st page, bottom half cluster privileges and reserved role, 2nd page, middle, disabling of features, 5th page, middle, index privileges, 4th page, bottom auto configure).

Applicant argues as follows:  Claim 19 as amended recites (in part): when one of the applications implements a privileges model, the user is granted specific cluster and index privileges associated with a reserved role, which cannot be disabled using security driven feature control.  Neither Kuhmuench nor Nowlan, either alone or in any theoretical combination, disclose these features. That is, the cited art does not disclose a reserved role that is specific to the application. Moreover, the reserved role cannot be disabled using the security driven feature controls. The use of a reserved role is not disclosed in any of the cited art. Thus, claim 19 is patentable over the cited art. Claims depending from claim 19 
Examiner respectfully notes that Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Kuhmuench (US20150026208), Nowlan (US20080243766), filed May 30, 2007, and Elasticsearch security privileges guide (“guide”), eslatic.co/guide/en/elasticsearch/reference/master/security-privileges.html, June 23 2017, 7 pages.  Elasticsearch security privileges guide (“guide”) discloses when the application implements a privileges model, the user is granted specific cluster and index privileges associated with a reserved role, which cannot be disabled using security driven feature control (Guide, 6th page, bottom, application privileges and privilege models, 1st page, bottom half cluster privileges and reserved role, 2nd page, middle, disabling of features, 5th page, middle, index privileges, 4th page, bottom auto configure).
The Examiner respectfully suggests that the claims be further amended and details in the specification be incorporated to distinguish the claimed invention over prior art of record.  Should the Applicant desire an interview to further clarify the claim interpretation/rejections, please contact the Examiner at (571) 272 5368 to schedule an interview.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action. 



Claim Rejections - 35 USC § 103
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically discloses as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.  Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary.  Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the examiner to consider the applicability of 35 U.S.C. 102(b) (2) (C) for any potential 35 U.S.C. 102(a) (2) prior art against the later invention.


Claims 1-3, 7, 8, 15, 16, and 18 are rejected under 35 U.S.C. 103 as being unpatentable over Patel (US20170147790), filed November 24, 2015, in view of Hanhirova (US20170346862), filed May 27, 2016, and Elasticsearch security privileges guide (“guide”), eslatic.co/guide/en/elasticsearch/reference/master/security-privileges.html, June 23 2017, 7 pages.
Regarding claim 1, Patel discloses a computer-implemented method for providing configurable feature level controls for data, the method comprising: providing a user interface for enabling a selection of a type of access to grant for each feature of a plurality of features of an application, the selection being on a feature-by-feature basis and the selection being assigned to one or more selected roles (Patel, paragraph 0046, “At stage 406, an administrator of the CRO 108 may assign different functional roles to each of the users.  Once the functional roles are assigned, a verification stage is initiated to confirm functional role assigned to each of the users.  ---- providing a user interface encompasses an administrator of the CRO 108 may assign different functional roles to each of the users”; paragraph 0037, “In order to capture this, the profile generation module 212 is configured to maintain a record of the functional role and a corresponding at least one application role, of the user, associated with each application of a plurality of applications.  Further, the application role defines a privilege level to access an application of the plurality of applications.  The privilege levels for each application role may be defined by an administrator of the CRO 108.  Further, the profile generation module 212 records the authentication details, functional role of the user and application role corresponding to each application from the plurality of applications in the user profile and stored the user profile in the profile database 228’);in response to
(Patel, paragraph 0047, “At stage 408, based on the functional role of the user, each user is assigned with an application role and a privilege level corresponding to each application in the CRO 108.  In one embodiment, the application role and the privilege level may be assigned by an administrative group of the CRO 108.  The mapping between the functional role of the user and application roles is maintained in an access management database.”; paragraph 0048, “At stage 410 and 412, the system 102 enables a web interface with APIs in order to enable the user to access the application from the plurality of applications 110.  The access to these applications is provided based on the application role and the privileged level assigned to the user.”);
determining whether a user has any role of the one or more selected roles to which the particular feature of the plurality of features has been assigned (Patel, paragraph 0047, “At stage 408, based on the functional role of the user, each user is assigned with an application role and a privilege level corresponding to each application in the CRO 108.  In one embodiment, the application role and the privilege level may be assigned by an administrative group of the CRO 108.  The mapping between the functional role of the user and application roles is maintained in an access management database.”; paragraph 0048, “At stage 410 and 412, the system 102 enables a web interface with APIs in order to enable the user to access the application from the plurality of applications 110.  The access to these applications is provided based on the application role and the privileged level assigned to the user.”);
based on the determining, for users having any of the one or more selected roles, (Patel, paragraph 0047, “At stage 408, based on the functional role of the user, each user is assigned with an application role and a privilege level corresponding to each application in the CRO 108.  In one embodiment, the application role and the privilege level may be assigned by an administrative group of the CRO 108.  The mapping between the functional role of the user and application roles is maintained in an access management database.”; paragraph 0048, “At stage 410 and 412, the system 102 enables a web interface with APIs in order to enable the user to access the application from the plurality of applications 110.  The access to these applications is provided based on the application role and the privileged level assigned to the user.”).
Patel does not explicitly disclose the plurality of features including only those features that are visible for all users for a particular space if access is limited to certain spaces.
However, in an analogous art, Hanhirova discloses the plurality of features including only those features that are visible for all users for a particular space if access is limited to certain spaces (Hanhirova, paragraph 0048, “the integrated intranet workspace may only provide access to part of the integrated intranet applications to a particular user, although the application and related workspace data stored in the application or in a file storage application would be visible to other users within the workspace.  In other words, access to the integrated intranet applications and workspace data thereof requires both authorization of the user by the integrated intranet system and authentication by the web client directly towards the application). 
Therefore, it would have been obvious to one of ordinary skill in the art before the 
One would have been motivated to provide an integrated intranet workspace (Hanhirova: paragraph 0001).
Patel and Hanhirova do not explicitly disclose when the application implements a privileges model, the user is granted specific cluster and index privileges associated with a reserved role, which cannot be disabled using security driven feature control.
However, in an analogous art, Guide discloses when the application implements a privileges model, the user is granted specific cluster and index privileges associated with a reserved role, which cannot be disabled using security driven feature control (Guide, 6th page, bottom, application privileges and privilege models, 1st page, bottom half cluster privileges and reserved role, 2nd page, middle, disabling of features, 5th page, middle, index privileges, 4th page, bottom auto configure).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Guide with the system/ method of Patel and Hanhirova to include when the application implements a privileges model, the user is granted specific cluster and index privileges associated with a reserved role, which cannot be disabled using security driven feature control.
One would have been motivated to provide security privileges and indexing privileges for clusters (Guide: page 1 and page 4)
Regarding claim 2, Patel, Hanhirova, and Guide discloses the computer-implemented method of Claim 1.  Patel discloses wherein each of the plurality of features is an application or plug-in within an environment (Patel, paragraph 0046, “At stage 406, an administrator of the CRO 108 may assign different functional roles to each of the users.  Once the functional roles are assigned, a verification stage is initiated to confirm functional role assigned to each of the users.  ---- providing a user interface encompasses an administrator of the CRO 108 may assign different functional roles to each of the users”; paragraph 0037, “In order to capture this, the profile generation module 212 is configured to maintain a record of the functional role and a corresponding at least one application role, of the user, associated with each application of a plurality of applications.  Further, the application role defines a privilege level to access an application of the plurality of applications.  The privilege levels for each application role may be defined by an administrator of the CRO 108.  Further, the profile generation module 212 records the authentication details, functional role of the user and application role corresponding to each application from the plurality of applications in the user profile and stored the user profile in the profile database 228’).
Regarding claim 3, Patel, Hanhirova, and Guide discloses the computer-implemented method of Claim 1.  Hanhirova discloses wherein the environment comprises data (Hanhirova, paragraph 0055, “Integrated intranet database (125) may store authentication keys of the users, and limited application data, such as workspace specific discussions and postings.”).  The motivation is the same as that of the claim from which this claim depends.

Regarding claim 7, Patel, Hanhirova, and Guide discloses the computer-implemented method of Claim 1.  Patel discloses wherein the types of access comprises different privileges with respect to the feature (Patel, paragraph 0024, “While aspects of described system and method for enabling role based privileged access to a user for accessing a plurality of applications may be implemented in any number of different computing systems, environments, and/or configurations, the embodiments are described in the context of the following exemplary system.”)

Regarding claim 8, Patel, Hanhirova, and Guide discloses the computer-implemented method of Claim 1.  Patel discloses wherein the types of access selectable via the user interface include granting: no access, read-only access, full access, or various levels of access, to the feature (Patel, paragraph 0033, “In order to capture this, the profile generation module 212 is configured to maintain a record of the functional role and a corresponding at least one application role, of the user, associated with each application of the plurality of applications 110.  The application role defines a privilege level to access one or more applications of the plurality of applications 110.  The privilege level may be selected from read data, read-write data, modify data, delete data, download data, transfer data and combinations thereof For example, a site coordinator is assigned a privilege level to view the site related information”)
Regarding claim 15, Patel, Hanhirova, and Guide discloses the computer-implemented method of Claim 1.  Patel discloses further comprising providing for registering at least some of the features of the plurality of features to declare actions permitted for full access, actions permitted for read-only access, and actions (Patel, paragraph 0046, “At stage 406, an administrator of the CRO 108 may assign different functional roles to each of the users.  Once the functional roles are assigned, a verification stage is initiated to confirm functional role assigned to each of the users.  ---- providing a user interface encompasses an administrator of the CRO 108 may assign different functional roles to each of the users”; paragraph 0037, “In order to capture this, the profile generation module 212 is configured to maintain a record of the functional role and a corresponding at least one application role, of the user, associated with each application of a plurality of applications.  Further, the application role defines a privilege level to access an application of the plurality of applications.  The privilege levels for each application role may be defined by an administrator of the CRO 108.  Further, the profile generation module 212 records the authentication details, functional role of the user and application role corresponding to each application from the plurality of applications in the user profile and stored the user profile in the profile database 228’)
Regarding claim 16, Patel, Hanhirova, and Guide discloses the computer-implemented method of Claim 1.  Patel discloses wherein the automatically controlling the type of access to each of the feature of the plurality of features, is a function of the registering (Patel, paragraph 0073, “Further, the application role defines a privilege level to access an application of the plurality of applications.  The privilege levels for each application role may be defined by an administrator of the CRO 108.”).
Regarding claim 18, Patel discloses a system comprising: a processor; and a memory communicatively coupled to the processor, the memory storing instructions executable by the processor to perform a method, the method comprising (Patel, paragraph 0027, “Referring now to FIG. 2, the system 102 is illustrated in accordance with an embodiment of the present subject matter.  In one embodiment, the system 102 may include at least one processor 202, an input/output (I/O) interface 204, and a memory 206.  The at least one processor 202 may be implemented as one or more microprocessors, microcomputers, microcontrollers, digital signal processors, central processing units, state machines, logic circuitries, and/or any devices that manipulate signals based on operational instructions.  Among other capabilities, the at least one processor 202 is configured to fetch and execute computer-readable instructions stored in the memory 206.“);
providing a user interface for enabling a selection of a type of access to grant for each feature of a plurality of features, the selection being on a feature-by-feature basis and the selection being assigned to one or more selected roles (Patel, paragraph 0046, “At stage 406, an administrator of the CRO 108 may assign different functional roles to each of the users.  Once the functional roles are assigned, a verification stage is initiated to confirm functional role assigned to each of the users.  ---- providing a user interface encompasses an administrator of the CRO 108 may assign different functional roles to each of the users”; paragraph 0037, “In order to capture this, the profile generation module 212 is configured to maintain a record of the functional role and a corresponding at least one application role, of the user, associated with each application of a plurality of applications.  Further, the application role defines a privilege level to access an application of the plurality of applications.  The privilege levels for each application role may be defined by an administrator of the CRO 108.  Further, the profile generation module 212 records the authentication details, functional role of the user and application role corresponding to each application from the plurality of applications in the user profile and stored the user profile in the profile database 228’);
in response to the selection of the type of access, automatically controlling the type of access to each of the features of the plurality of features, the automatic controlling, for a particular feature of the plurality of features, including (Patel, paragraph 0047, “At stage 408, based on the functional role of the user, each user is assigned with an application role and a privilege level corresponding to each application in the CRO 108.  In one embodiment, the application role and the privilege level may be assigned by an administrative group of the CRO 108.  The mapping between the functional role of the user and application roles is maintained in an access management database.”; paragraph 0048, “At stage 410 and 412, the system 102 enables a web interface with APIs in order to enable the user to access the application from the plurality of applications 110.  The access to these applications is provided based on the application role and the privileged level assigned to the user.”);
determining whether a user has any role of the one or more selected roles to which the particular feature of the plurality of features has been assigned (Patel, paragraph 0047, “At stage 408, based on the functional role of the user, each user is assigned with an application role and a privilege level corresponding to each application in the CRO 108.  In one embodiment, the application role and the privilege level may be assigned by an administrative group of the CRO 108.  The mapping between the functional role of the user and application roles is maintained in an access management database.”; paragraph 0048, “At stage 410 and 412, the system 102 enables a web interface with APIs in order to enable the user to access the application from the plurality of applications 110.  The access to these applications is provided based on the application role and the privileged level assigned to the user.”);
based on the determining, for users having any of the selected one or more roles, permitting the type of access selected for the particular feature of the plurality of features assigned to the one or more selected roles (Patel, paragraph 0047, “At stage 408, based on the functional role of the user, each user is assigned with an application role and a privilege level corresponding to each application in the CRO 108.  In one embodiment, the application role and the privilege level may be assigned by an administrative group of the CRO 108.  The mapping between the functional role of the user and application roles is maintained in an access management database.”; paragraph 0048, “At stage 410 and 412, the system 102 enables a web interface with APIs in order to enable the user to access the application from the plurality of applications 110.  The access to these applications is provided based on the application role and the privileged level assigned to the user.”).
Patel does not explicitly disclose the plurality of features including only those features that are visible for a particular space if access is limited to certain spaces.
However, in an analogous art, Hanhirova discloses the plurality of features including only those features that are visible for a particular space if access is limited to certain spaces (Hanhirova, paragraph 0048, “the integrated intranet workspace may only provide access to part of the integrated intranet applications to a particular user, although the application and related workspace data stored in the application or in a file storage application would be visible to other users within the workspace.  In other words, access to the integrated intranet applications and workspace data thereof requires both authorization of the user by the integrated intranet system and authentication by the web client directly towards the application).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Hanhirova with the system/ method of Patel to include the plurality of features including only those features that are visible for a particular space if access is limited to certain spaces.
One would have been motivated to provide an integrated intranet workspace (Hanhirova: paragraph 0001).
Patel and Hanhirova do not explicitly disclose when the application implements a privileges model, the user is granted specific cluster and index privileges associated with a reserved role, which cannot be disabled using security driven feature control.
However, in an analogous art, Guide discloses when the application implements a privileges model, the user is granted specific cluster and index privileges associated with a reserved role, which cannot be disabled using security driven feature control (Guide, 6th page, bottom, application privileges and privilege models, 1st page, bottom half cluster privileges and reserved role, 2nd page, middle, disabling of features, 5th page, middle, index privilege, 4th page, bottom auto configure).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Guide with the system/ method of Patel and Hanhirova to include when the application implements a privileges model, the user is granted specific cluster and index privileges associated with a reserved role, which cannot be disabled using security driven feature control.
One would have been motivated to provide security privileges and indexing (Guide: page 1 and page 4).

Claims 4 and 5 are rejected under 35 U.S.C. 103 as being unpatentable over Patel (US20170147790), filed November 24, 2015, in view of Hanhirova (US20170346862), filed May 27, 2016, and Elasticsearch security privileges guide (“guide”), eslatic.co/guide/en/elasticsearch/reference/master/security-privileges.html, June 23 2017, 7 pages, and further in view of Cardno (US20110261049), filed June 19, 2009.
Regarding claim 4, Patel, Hanhirova, and Guide disclose the computer-implemented method of claim 2.
Patel, Hanhirova, and Guide do not explicitly disclose wherein the environment comprises data visualization.
However, in an analogous art, Cardno discloses wherein the environment comprises data visualization (Cardno, paragraph 0963, “In the various industries described herein, the ability to incorporate familiar forms (e.g., pie charts, bar graphs, line graphs) into Visual Documents as herein described will assist in quickly pinpointing key values within the visualization.”; paragraph 0964-0969, “Some common charts are as follows: Scatterplots--Are Cartesian coordinates to show the relation of two or more quantitative variables.  Histograms--Typically show the quantity of points that fall within various numeric ranges (or bins).  Bar graphs--Use bars to show frequencies or values for different categories.  Pie charts--Show percentage values as a slice of a pie.  Line charts--Are a two-dimensional scatterplot of ordered observations where the observations are connected following their order.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the 
One would have been motivated to provide users with the benefits of insights into the relationships of data (Cardno: paragraphs 0023-0027).
Regarding claim 5, Patel, Hanhirova, Guide and Cardno disclose the computer-implemented method of Claim 4.  Cardno discloses wherein the visualizations comprise dashboards, histograms, line graphs, or pie charts (Cardno, paragraph 0963, “In the various industries described herein, the ability to incorporate familiar forms (e.g., pie charts, bar graphs, line graphs) into Visual Documents as herein described will assist in quickly pinpointing key values within the visualization.”; paragraph 0964-0969, “Some common charts are as follows: Scatterplots--Are Cartesian coordinates to show the relation of two or more quantitative variables.  Histograms--Typically show the quantity of points that fall within various numeric ranges (or bins).  Bar graphs--Use bars to show frequencies or values for different categories.  Pie charts--Show percentage values as a slice of a pie.  Line charts--Are a two-dimensional scatterplot of ordered observations where the observations are connected following their order.”).  The motivation is the same as that of the claim from which this claim depends.


Claim 6 is rejected under 35 U.S.C. 103Patel (US20170147790), filed November 24, 2015, in view of Hanhirova (US20170346862), filed May 27, 2016, and further in view of Wolf (US20200134750), filed October 30, 2019, claiming priority to provisional application 62/753,861, filed October 31, 2018.
Regarding claim 6, Patel and Hanhirova disclose the computer-implemented method of claim 1.
Patel and Hanhirova do not explicitly disclose wherein the types of access comprises whether the feature is visible to the users having particular roles.
However, in an analogous art, Wolf discloses wherein the types of access comprises whether the feature is visible to the users having particular roles (Wolf, paragraph 0134, “In many cases, as described above, a configuration file can be authorized user or role specific.  As a result, the behavior and/or operation (e.g., data shown or hidden, data redacted or presented, and so on) of an instance of the client application can be tailored to a specific user and/or a specific role (or combination of roles).”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Wolf with the system/ method of Patel and Hanhirova to include wherein the types of access comprises whether the feature is visible to the users having particular roles.
One would have been motivated to provide users with the benefits of securely transacting information across computer networks (Wolf: paragraph 0002).
Claim 9 is rejected under 35 U.S.C. 103Patel (US20170147790), filed November 24, 2015, in view of Hanhirova (US20170346862), filed May 27, 2016, and Elasticsearch security privileges guide (“guide”), eslatic.co/guide/en/elasticsearch/reference/master/security-privileges.html, June 23 2017, 7 pages, and further in view of Lang (US20110208766), filed February 23, 2011.
Regarding claim 9, Patel, Hanhirova, and Guide disclose the computer-implemented method of Claim 1.
Hanhirova discloses further comprising: based on at least one role of the user, automatically limiting access to the user to one or more spaces of a plurality of spaces, such that the one or more spaces is accessible to the user (Hanhirova, paragraph 0048, “If a user joining or participating an integrated intranet workspace does not have access to one or more of the workspace integrated applications due to not having valid user credentials to use a particular independent cloud application selected as a workspace integrated application, this application may not appear to this particular user among the workspace integrated applications.”; paragraph 0052, “Users may have different level of access rights to the workspace.  Level of access rights may be represented in the system by a user type.  A user with user type "administrator" has full rights to make changes in the workspace environment, and for example to the selection of default applications (145).  An "editor" is typically authorized to generate new workspaces and to invite members to these workspaces he/she owns. ,Users may have different levels of access rights indifferent workspaces.”; paragraph 0054, “The integrated intranet system, especially the integrated intranet feeder (120) and the web client (110), may handle access control management to the external applications for all workspace users, so that access to the selected external applications is seamless for the users.”). 
Patel and Hanhirova do not explicitly disclose each space of the plurality of spaces containing a number of saved objects, the saved objects being dashboards, visualizations, or other objects.
However, in an analogous art, Lang discloses each space of the plurality of spaces (Lang, paragraph 0004, “As more and more documents are added to the paper-based filing system, more and more physical space is required to store the documents, and the ability to retrieve a particular piece of information becomes increasingly complex.  ”; paragraph 0048, “After successfully logging in to the system 10, a "dashboard" view page (See FIG. 8) is presented to the user, and the user may begin entering information into various fields of the dashboard view page.”: paragraph 0058, “According to various embodiments, some information can be formatted so that it can be presented in different configurations (e.g., all of a user's contacts information can be presented in one big data grid on a view page (See FIG. 16), a user can drill down within the one big data grid so that the contacts information is only presented for one person on a view page but with more of the available fields than was presented with the one big data grid).  The "one person" view page may also provide access to additional functionality (e.g., gift log functionality) that is not accessible directly from the "one big data grid" view page.”).
 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lang with the system/ method of Patel, Hanhirova, and Guide to include each space of the plurality of spaces containing a number of saved objects, the saved objects being dashboards, visualizations, or other objects.
One would have been motivated to provide users with the benefits of managing personal information (Lang; paragraph 0002)
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Patel (US20170147790), filed November 24, 2015, in view of Hanhirova (US20170346862), filed May 27, 2016, Elasticsearch security privileges guide (“guide”), eslatic.co/guide/en/elasticsearch/reference/master/security-privileges.html, June 23 2017, 7 pages, and Lang (US20110208766), filed February 23, 2011, and further in view of Pettiross (US20060224989), filed April 1, 2005.
Regarding claim 10, Patel, Hanhirova, Guide, and Lang disclose the computer-implemented method of Claim 9.
Hanhirova discloses further comprising: providing another user interface for selecting, for each space of the plurality of spaces (Hanhirova, paragraph 0048, “the integrated intranet workspace may only provide access to part of the integrated intranet applications to a particular user, although the application and related workspace data stored in the application or in a file storage application would be visible to other users within the workspace.  In other words, access to the integrated intranet applications and workspace data thereof requires both authorization of the user by the integrated intranet system and authentication by the web client directly towards the application”; paragraphs 0052 and 0054, workspaces).
Patel, Hanhirova, Guide, and Lang do not explicitly disclose providing another user interface for selecting, for each space of the plurality of spaces, whether each feature of the plurality of features is visible or hidden.
However, in an analogous art, Pettiross discloses providing another user interface for selecting, for each space of the plurality of spaces, whether each feature of the plurality (Pettiross, paragraph 0008, “Another aspect of the present invention provides a method for displaying a notification associated with an application window.  The method includes steps of displaying a first application widow representation in a visible application window representation position within a predefined region of a display screen and maintaining a second application window representation within a hidden application window representation position, the hidden application window representation position within a glom being associated with the first window application representation.  The method also includes steps of receiving a notification associated with the second application window, and repositioning the second application window representation from the hidden application window representation position to a second visible application window representation position within the predefined region of the display screen.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Pettiross with the system/ method of Patel, Hanhirova, Guide, and Lang to include providing another user interface for selecting, for each space of the plurality of spaces, whether each feature of the plurality of features is visible or hidden.
One would have been motivated to provide users with the benefits of a window management system to aid in managing multiple application window representations in a predetermined region of a display screen (Pettiross: paragraph 0007).

Claims 11 and 12 are rejected under 35 U.S.C. 103 as being unpatentable over Patel (US20170147790), filed November 24, 2015, in view of Hanhirova (US20170346862), filed May 27, 2016, Elasticsearch security privileges guide (“guide”), .
Regarding claim 11, Patel, Hanhirova, Guide, Lang, and Pettiross disclose the computer-implemented method of Claim 10.
Patel, Hanhirova, Guide, Lang, and Pettiross  do not explicitly disclose wherein the automatically controlling is also a function of whether the user is in the particular space and whether the particular feature is visible or hidden for the particular space.
However, in an analogous art, Horvitz discloses wherein the automatically controlling is also a function of whether the user is in the particular space and whether the particular feature is visible or hidden for the particular space (Horvitz, abstract, “The present invention relates to a system and methodology for controlling and presenting information to users in an automated manner.  Sets of information items accessible by users from computer workspaces (e.g., from within and/or outside an application) are automatically hidden or reduced from view in order to facilitate user processing of a determined and/or reduced subset of information.  The reduced subset is created from decision-theoretic considerations of the expected costs and benefits of hiding or mitigating information items from view or presentation while leaving more likely items or objects exposed for efficient access by users.  The display of the ideal set of items takes into consideration controls that allow for the access of views that reveal sets of less likely items through one or more gestures.  The control of the optimization may be facilitated by preference-assessment interfaces that allow a designer and/or a user to assess preferences about the costs of reviewing sets of items of different lengths and about the costs of gestures to reveal additional items.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Horvitz with the system/ method of Patel, Hanhirova, Guide, Lang, and Pettiross to include providing another user interface for selecting, for each space of the plurality of spaces, whether each feature of the plurality of features is visible or hidden.
One would have been motivated to provide users with the benefits of facilitating user processing of a determined and/or reduced subset of information (Horvitz: abstract).
Regarding claim 12, Patel, Hanhirova, Guide, Lang, Pettiross, and Horvitz disclose the computer-implemented method of Claim 11.  Patel discloses wherein the automatically controlling is also a function of whether the feature is enabled for the user's role (Patel, paragraph 0048, “At stage 410 and 412, the system 102 enables a web interface with APIs in order to enable the user to access the application from the plurality of applications 110.  The access to these applications is provided based on the application role and the privileged level assigned to the user.”).  The motivation is the same as that claim from which this claim depends.
Claim 13 is rejected under 35 U.S.C. 103Patel (US20170147790), filed November 24, 2015, in view of Hanhirova (US20170346862), filed May 27, 2016, and Elasticsearch security privileges guide (“guide”), eslatic.co/guide/en/elasticsearch/reference/master/security-privileges.html, June 23 2017, 7 pages, and further in view of Horvitz (US20040267600), filed June 30, 2003.
Regarding claim 13, Patel, Hanhirova, and Guide disclose the computer-implemented method of Claim 1.
Patel, Hanhirova, and Guide do not explicitly disclose wherein the automatically controlling further comprises: determining whether the user is in the particular space and whether the particular feature has been selected as visible or hidden for the particular space.
However, in an analogous art, Horvitz discloses wherein the automatically controlling further comprises: determining whether the user is in the particular space and whether the particular feature has been selected as visible or hidden for the particular space (Horvitz, abstract, “The present invention relates to a system and methodology for controlling and presenting information to users in an automated manner.  Sets of information items accessible by users from computer workspaces (e.g., from within and/or outside an application) are automatically hidden or reduced from view in order to facilitate user processing of a determined and/or reduced subset of information.  The reduced subset is created from decision-theoretic considerations of the expected costs and benefits of hiding or mitigating information items from view or presentation while leaving more likely items or objects exposed for efficient access by users.  The display of the ideal set of items takes into consideration controls that allow for the access of views that reveal sets of less likely items through one or more gestures.  The control of the optimization may be facilitated by preference-assessment interfaces that allow a designer and/or a user to assess preferences about the costs of reviewing sets of items of different lengths and about the costs of gestures to reveal additional items.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the 
One would have been motivated to provide users with the benefits of facilitating user processing of a determined and/or reduced subset of information (Horvitz: abstract).

Claim 14 is rejected under 35 U.S.C. 103 as being unpatentable over Patel (US20170147790), filed November 24, 2015, in view of Hanhirova (US20170346862), filed May 27, 2016, Elasticsearch security privileges guide (“guide”), eslatic.co/guide/en/elasticsearch/reference/master/security-privileges.html, June 23 2017, 7 pages, and Horvitz (US20040267600), filed June 30, 2003, and further in view of Gonion (US20090175509).
Regarding claim 14, Patel, Hanhirova, Guide, and Horvitz disclose the computer-implemented method of Claim 13.
Patel, Hanhirova, Guide, and Horvitz do not explicitly disclose wherein the automatically controlling further comprises: permitting the selected type of access only if the user is determined to be in the particular space and it is determined that the selected feature is visible for the particular space.
However, in an analogous art, Gonion discloses wherein the automatically controlling further comprises: permitting the selected type of access only if (Gonion, paragraph 0060, “Thus, the input/output control application 406 may periodically or continuously receive user presence information from the detection application 402 to enable the control application to inhibit, delay, or reset the timer of the screen saver.  Thus, a passive user is allowed to view the text document without the need to actively press any keys on a keypad or keyboard.  In certain embodiments, the screen saver application, or any other application, may interact directly with the decision application 402 and/or 404 to determine whether a user is present and/or authorized to access certain application features.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gonion with the system/ method of Patel, Hanhirova, Guide, and Horvitz to include wherein the automatically controlling further comprises: permitting the selected type of access only if the user is determined to be in the particular space and it is determined that the selected feature is visible for the particular space.
One would have been motivated to provide users with the benefits of detecting the presence of a user (Gonion: paragraph 0007).
Claim 17  is rejected under 35 U.S.C. 103 as being unpatentable over Patel (US20170147790), filed November 24, 2015, in view of Hanhirova (US20170346862), filed May 27, 2016, and Elasticsearch security privileges guide (“guide”), eslatic.co/guide/en/elasticsearch/reference/master/security-privileges.html, June 23 2017, 7 pages, and further in view of Liesche (US20140250234), 371 date April 4, 2014.
Regarding claim 17, Patel, Hanhirova, Guide, and Horvitz disclose the 
Patel, Hanhirova, Guide, and Horvitz disclose features/ applications, but do not explicitly disclose wherein the registering further comprises declaring corresponding user interface capabilities that are part of the feature.
However, in an analogous art, Liesche discloses wherein the registering further comprises declaring corresponding user interface capabilities that are part of the feature (Liesche, paragraph 0068, “Execution of the instructions further causes the processor to register the device with the abstraction layer and declare its capabilities using the device register by connecting the device with the user interface using the abstraction layer.”; paragraph 0092, “In another aspect the invention provides for a method of connecting network connectable independent devices via a user interface comprising connecting the sensor or actuator appliance to a network.  The method further comprises visualizing each network connectable device on the user interface by an abstraction layer.  The method further comprises the step of registering each device with said abstraction layer and declaring its capabilities by connecting it with said user interface including the abstraction layer.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Gonion with the system/ method of Patel, Hanhirova, Guide, and Horvitz a to include wherein the registering further comprises declaring corresponding user interface capabilities that are part of the feature.
One would have been motivated to provide users with the benefits of creating and registering device objects (Liesche: paragraph 0060).

Claim 19 is rejected under 35 U.S.C. 103 as being unpatentable over Kuhmuench (US20150026208), filed July 22, 2013, in view of Nowlan (US20080243766), filed May 30, 2007, and Elasticsearch security privileges guide (“guide”), eslatic.co/guide/en/elasticsearch/reference/master/security-privileges.html, June 23 2017, 7 pages.
Regarding claim 19, Kuhmuench discloses a system comprising: a processor; and a memory communicatively coupled to the processor, the memory storing instructions executable by the processor to perform a method for providing configurable feature level controls for data, the method comprising (Kuhmuench, paragraph 0012, “discloses a system for providing dynamic management of roles and features in enterprise applications comprising a memory module for storing information for a plurality of users in a user table, identifying each user by a unique login used as a primary key, and information for a plurality of roles in a role table, the first and second join-tables then stored in the memory module, wherein when a user requests access to a selected feature, the processor is queried to determine if the selected feature is associated with a role assigned to the user”)
based on at least one role of a user, automatically controlling on a feature-by-feature basis privileges (Kuhmuench, paragraph 0029, “an improvement over the prior art is provided in that the relationship between the users and their roles is no longer fixed at compile time.  Instead, at any time during execution of an application, either of the join-tables can be updated to modify the specific roles associated with each user, or modify the specific features associated with each role (i.e., "dynamic" management of access control).”
(Kuhmuench, paragraph 0023, “In prior art database management organizations using role-based access authorization, each role would have a number of assigned features, and a user would be granted/denied permission to access a particular feature based upon his/her assigned roles.  As mentioned above, the roles were assigned to the users at compile time (similarly, the features were assigned to the roles at compile time), and each "rule-based" call would be based upon the static organization of data.”)
of a plurality of features (Kuhmuench, paragraph 0018, “The present invention, as described in detail below, provides a methodology for providing fine-grained, dynamic access control to features and data in enterprise applications”).
Kuhmuench does not explicitly disclose each of the features being applications.
However, in an analogous art, Nowlan discloses each of the features being applications (Nowlan, paragraph 0018, “A new desired major function of the electronic device is typically described in terms of a feature 120.  They are shown at the same level of the hierarchy of FIG. 1 to illustrate that there is strong similarity between the concepts of application and feature.  As a result, although quite similar, there is rarely a one to one correspondence between applications and features.  A feature may describe an entire application, or a part of an application, or it may even correspond to a set of common elements that exist across several applications.   --- Examiner: a known one to one correspondence between applications encompasses rarely a one to one correspondence between applications and features.”)

Therefore, it would have been obvious to one of ordinary skill in the art before the 
One would have been motivated to avail of the strong similarity between the concepts of application and feature (Nowlan: paragraph 0018).
Patel and Hanhirova do not explicitly disclose when the application implements a privileges model, the user is granted specific cluster and index privileges associated with a reserved role, which cannot be disabled using security driven feature control.
However, in an analogous art, Guide discloses when the application implements a privileges model, the user is granted specific cluster and index privileges associated with a reserved role, which cannot be disabled using security driven feature control (Guide, 6th page, bottom, application privileges and privilege models, 1st page, bottom half cluster privileges and reserved role, 2nd page, middle, disabling of features, 5th page, middle, index privileges).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Guide with the system/ method of Patel and Hanhirova to include when the application implements a privileges model, the user is granted specific cluster and index privileges associated with a reserved role, which cannot be disabled using security driven feature control.
One would have been motivated to provide security privileges and indexing privileges for clusters (Guide: page 1 and page 4).

Claim 20 is rejected under 35 U.S.C. 103 as being unpatentable over Kuhmuench (US20150026208), filed July 22, 2013, in view of Nowlan (US20080243766), filed May 30, 2007, and Elasticsearch security privileges guide (“guide”), eslatic.co/guide/en/elasticsearch/reference/master/security-privileges.html, June 23 2017, 7 pages and further in view of Beveridge (US20180060361), filed October 4, 2016.
Regarding claim 20, Kuhmuench, Nowlan, and Guide disclose the system of claim 19.
Kuhmuench, Nowlan, and Guide do not explicitly disclose wherein the automatically controlling comprises creating a set of rules for configuring a distributed search engine environment so only a certain set of users is able to use certain applications in the distributed search engine environment.
However, in an analogous art, Beveridge discloses wherein the automatically controlling comprises creating a set of rules for configuring a distributed search engine environment so only a certain set of users is able to use certain applications in the distributed search engine environment (Beveridge, paragraph 0064, “FIGS. 13A-B illustrate certain types of data maintained and used within local instances of the distributed-search subsystem and within a centralized distributed-search engine.  As shown in FIG. 13A, a local instance of the distributed-search subsystem stores one or more filters 1302, one or more policies 1304, each policy comprising one or more filters, one or more evaluators 1306, one or more search-evaluation expressions 1308, each search-evaluation expression comprising one or more evaluators, and one or more searches 1310, each search comprising a search-evaluation expression and zero, one, or more policies.”; paragraph 0066, “For example, a local instance of the distributed-search subsystem may request a current list of the different types of attributes that can be used to construct filters, policies, and search-evaluation expressions.”).
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Beveridge with the system/ method of Kuhmuench, Nowlan, and Guide to include, an entropy vector or a determined entropy vector.
One would have been motivated to provide users with the benefits of efficient distributed, search methods (Beveridge: paragraph 0004).







Conclusion
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action. 

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, LUU PHAM can be reached on 5712705002. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/W.J.M/Examiner, Art Unit 2439                 



/LUU T PHAM/Supervisory Patent Examiner, Art Unit 2439