DETAILED ACTION

This communication is in response to Application No. 16/913,168 filed on 6/26/2020. Claims 1-20 have been examined.

Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.

Information Disclosure Statement
The information disclosure statement (IDS) submitted on 1/5/2021 is being considered by the examiner.

Claim Objections
Claims 1, 8, and 15 are objected to because of the following informalities:
In claim 1, line 7, the phrase “an SSO authentication provide” should be corrected as --an SSO authentication provider-- for clear understanding of the claim. Similar correction should be made for claims 8 and 15.
Appropriate correction is required.

Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

Claims 1-4, 8-11, and 15-18 are rejected under 35 U.S.C. 103 as being unpatentable over Standefer et al. (hereinafter Standefer)(US 2018/0131684) in view of Gulstone et al. (hereinafter Gulstone)(US 10,990,627).
Regarding claims 1, 8, and 15, Standefer teaches as follows:
an apparatus for syncing data warehouse permissions using single sign-on (SSO) authentication (providing the account information to a single sign on (SSO) access control system/utility, see, para. [0041]) the apparatus comprising a computer processor, a computer memory operatively coupled to the computer processor, the computer memory having disposed within its computer program instructions that, when executed by the computer processor (the computing device 800 may include at least one processing unit 802 and a system memory 804. The system memory 804 may include an operating system and one or more program modules suitable for running software application, such as one or more components supported by the systems described herein, see, para. [0057] and figure 8), cause the apparatus to carry out the steps of: 
determining a data warehouse user account of a cloud-based data warehouse, wherein the data warehouse user account corresponds to a data analytics service account of a data analytics service (if a requestor is determined to be associated with a resource provider, the collection creation application/service may determine whether the requestor is authorized, or has been authenticated, to access the underlying resource from/on the resource provider, see, para. [0041]), and wherein the data warehouse user account and the data analytics user account are authenticated using a single sign-on (SSO) authentication credential from an SSO authentication provider (single sign on (SSO) access control system/utility has been used to provide access to the underlying resources and to the isolated collection, see, para. [0041]);
determining one or more permissions in the cloud-based data warehouse for the data warehouse user account (this determination may include identifying one or more authentication and/or authorization indications (e.g., a token, credentials, a permission set, etc.), see, para. [0041] and 406 in figure 4); and 
applying the one or more permissions to the data analytics user account (the determinations may include an analysis of several factors, such as, whether a requestor is determined to be authorized to access a resource provider having access to an underlying resource (equivalent to data warehouse user account), whether an authentication/authorization indication to access an underlying resource has been identified. In examples, a collection creation application/service may provide access to an isolated collection (equivalent to data analytics service account) based on a single determination, see, para. [0041] and 408 in figure 4). 
Standefer teaches accessing another resource using the SSO access control system but does not teach applying for a warehouse user account and a data analytics service account.
Gulstone teaches as follows:
provider network 200 may implement various computing resources or services, such as data processing service(s) 210, (e.g., a map reduce service, a data warehouse service, and other large scale data processing services or database services)(equivalent to applicant’s data warehouse user account), hardware accelerated data analytics service 220 (equivalent to applicant’s data analytics service account), and other services 230 that may be any other type of network based services (see, col. 4, lines 24-49 and figure 2);
clients 250 may encompass any type of client that can submit network-based requests to provider network 200 via network 260, including requests for storage services (e.g., a request to query a data processing service 210, or a request to create, read, write, obtain, or modify data in data storage service(s), etc.). Alternatively, a client 250 may encompass an application such as a database application, a media application, an office application or any other application that may make use of data processing service(s) 210, hardware accelerated data analytics service 220, or storage resources in data storage service(s) 230 to store and/or access the data to implement various applications (see, col. 6, lines 32-60); and 
one of data processing service(s) 220 may be a data warehouse service. FIG. 3 is a logical block diagram of a data warehouse service that uses a hardware-accelerated data analytics service to perform data analytics operations, according to some embodiments. A data warehouse service, such as data warehouse service 300, may offer clients a variety of different data management services, according to their various needs (see, col. 7, line 53 to col. 8, line 14). 
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Standefer with Gulstone to include the well-known data warehouse service as taught by Gulstone in order to efficiently apply SSO authentication among multiple services provided with the data warehouse service. 
Regarding claims 2, 9, and 16, Standefer teaches as follows:
determining the one or more permissions (set creation applications 202 and 204 may access resource providers 212 and 214 to determine the existence of resources and/or retrieve information associated with the resources (e.g., resource metadata, resource location, resource identifiers, permission sets, authorization data, etc.), see, para. [0033]).
Standefer does not teach the application on a cloud-based data warehouse.
Gulstone teaches the cloud-based data warehouse application (provider network 200 may be a private or closed system or may be set up by an entity such as a company or a public sector organization to provide one or more services (such as various types of cloud-based storage) accessible via the Internet and/or other networks to clients 250, see, col. 4, lines 24-49 and figure 2).
Therefore, they are rejected for similar reasons as presented above.
Regarding claims 3, 10, and 17, Standefer teaches as follows:
wherein determining the one or more permissions and applying the one or more permissions are performed at a predefined interval (when the period of time expires, server devices 106A-C may remove or attempt to renew the authentication indication, see, para. [0027]).
Regarding claims 4, 11, and 18, Gulstone teaches as follows:
accessing the cloud-based data warehouse (provider network 200 may be a private or closed system or may be set up by an entity such as a company or a public sector organization to provide one or more services (such as various types of cloud-based storage) accessible via the Internet and/or other networks to clients 250, see, col. 4, lines 24-49 and figure 2).
Therefore, they are rejected for similar reasons as presented above.

Claims 5-7, 12-14, 19, and 20 are rejected under 35 U.S.C. 103 as being unpatentable over Standefer et al. (hereinafter Standefer)(US 2018/0131684) in view of Gulstone et al. (hereinafter Gulstone)(US 10,990,627), and further in view of Zhu et al. (hereinafter Zhu)(US 2016/0182525).
Regarding claims 5, 6, 12, 13, 19, and 20, Gulstone teaches the data warehouse service (interpreted as data processing service) and data analytics service as follows: 
a client 250 may encompass an application such as a database application, a media application, an office application or any other application that may make use of data processing service(s) 210, hardware accelerated data analytics service 220, or storage resources in data storage service(s) 230 to store and/or access the data to implement various applications (see, col. 6, lines 32-60).
Standefer in view of Gulstone does not teach creating user accounts for each service.
Zhu teaches as follows:
identity management system 166 provides functionality that enables the configuration of the feeds that populate the user access accounts 178 and server access accounts 180 in access management system 182. It performs identity-related tasks, such as provisioning (e.g., creating and updating), entitlements on user accounts, such as group memberships and account attributes, etc. (see, para. [0036]).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Standefer in view of Gulstone with Zhu to include the identity management system as taught by Zhu in order to automatically provision user accounts of multiple services corresponding to each other.
Regarding claims 7 and 14, Standefer in view of Gulstone does not teach the role-based permissions.
Zhu teaches as follows:
access management system 162 illustratively stores the user access accounts 178 and server access accounts 180 for any users that need to obtain access to any multi-tenant workload system 102 (or data center) which is governed by authentication and permission system 104. Role-based access control and interface system 164 illustratively provides interfaces for authoring, storing and validating role membership and permission queries. It can be integrated with role requesting and approval system 158 to provide the functionality for making role membership require a request and approval, and for making role membership limited to a specific amount of time (see, para. [0036] and figure 1A).
	It would have been obvious for one of ordinary skill in the art before the effective filing date of the claimed invention to modify Standefer in view of Gulstone with Zhu to include the role-based access control as taught by Zhu in order to efficiently control access to a data center based on the assigned user’s role.

Conclusion
Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jeong S Park whose telephone number is (571)270-1597. The examiner can normally be reached Monday through Friday 8:00-4:30 ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Glenton B Burgess can be reached on 571-272-3949. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.





/JEONG S PARK/ Primary Examiner, Art Unit 2454
May 21, 2022