DETAILED ACTION
In the event the determination of the status of the application as subject to AIA  35 U.S.C. 102 and 103 (or as subject to pre-AIA  35 U.S.C. 102 and 103) is incorrect, any correction of the statutory basis for the rejection will not be considered a new ground of rejection if the prior art relied upon, and the rationale supporting the rejection, would be the same under either status.  
This office action is in response to the Amendment filed on 12/14/2021.
Claims 7-8 and 16-17 have been canceled.
Claims 1, 3-6, 10, 12-15, 18 and 20 have been amended.
Claims 21-24 have been added.
Claims 1-6, 9-15 and 18-24 are pending for consideration.

Notice of Pre-AIA  or AIA  Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA .

Response to Arguments
In view of amendments to claims 1-6, 9-15 and 18-24, the prior art rejection of claims 1-6, 9-15 and 18-24 has been withdrawn.  

Reasons for Allowance
Claims 1-6, 9-15 and 18-24 are allowed.
The following is an examiner’s statement of reasons for allowance: 

The present invention is directed to a segmentation server enables user-based management of a segmentation policy. Administrators belonging to different user groups may have different limited visibility into traffic flows controlled by the segmentation policy and may be assigned different privileges with respect to viewing, creating, and modifying rules of the segmentation policy (see Abstract).
 
The closest prior art of record, Kung (US 201480234459) teaches the processes automatically map application level security policy specifications into network level security enforcement rules that are provisioned automatically to one or more network security enforcement mechanisms at different points of the system infrastructure, including network devices, operating systems, hypervisors, and public and private cloud provider (Kung: paragraph 0014).  Kung further teaches representative examples of systems and processes implementing one or more of these improvements perform one or more of the following: discovering real time network flows; discovering native infrastructure changes; enforcing micro-segmentation; provisioning of application security policy to security mechanisms native to cloud services and hardware; and continuously monitoring network flows to detect, block and/or quarantine threats, and to monitor security mechanisms to ensure the security mechanisms are configured as defined by policies, fixing detected misconfiguration (see paragraph 0010).
 
However, Kung fails to anticipate or render obvious the recited feature of determining whether the user group has limited ruleset creation privileges or expanded ruleset creation privileges; responsive to determining that the user group has limited ruleset creation privileges, configuring a user interface of the administrative client with a first configuration in which the administrator can only control rules of the segmentation policy that permit connections between pairs of workloads that are both in the subset of workloads relevant to the user group; responsive to determining that the user group has expanded ruleset creation privileges, configuring the user interface of the administrative client with a second configuration in which the administrator can only control rules of the segmentation policy that permit connections between pairs of workloads in which a provider workload providing a service is within the subset of workloads relevant to the user group, as in independent claims 1, 10 and 18.  
 
These features, together with the other limitations of the independent claims are novel and non-obvious over the prior art of record.  The dependent claims 2-6, 9, 11-15 and 19-24 being definite, enabled by the specification, and further limiting to the independent claim, are also allowable.

Any comments considered necessary by applicant must be submitted no later than the payment of the issue fee and, to avoid processing delays, should preferably accompany the issue fee.  Such submissions should be clearly labeled “Comments on Statement of Reasons for Allowance.”

Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure is listed,
KUMAR (US 20180176185 A1) discloses system and method for managing firewall rules for hierarchical entities modify a processing order of the firewall rules to be executed in a distributed computer system based on hit counts of the firewall rules and direct descendent relationships of destination entities of the firewall rules.
Bansal (US 20180176261 A1) discloses A method of creating micro-segmentation policies for a network is provided. The method identifies a set of network nodes as seed nodes. The method monitors network packet traffic flows for the seed nodes to collect traffic flow information. The method identifies a set of related nodes for the set of seed nodes based on the collected network flow information. The method analyzes the collected network flow information to identify micro-segmentation policies for the network.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to TRANG T DOAN whose telephone number is (571)272-0740. The examiner can normally be reached Monday-Friday 7-4 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Lynn D Feild can be reached on (571)272-2092. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For 





/TRANG T DOAN/Primary Examiner, Art Unit 2431