DETAILED ACTION
Notice of Pre-AIA or AIA Status
The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA.
Information Disclosure Statement 
The information disclosure statement(s) (IDS) submitted on 07/22/2022 and 07/25/2022 were filed before the mailing date of this office action.  The submissions are in compliance with the provisions of 37 CFR 1.97.  Accordingly, the information disclosure statements are being considered by the examiner. 
Response to Arguments
Applicant’s arguments, see Remarks, filed 07/22/2022, with respect to the rejection(s) of independent claims 1 and 4 under 35 USC § 102 have been fully considered but are moot because the new ground of rejection does not rely on any reference applied in the prior rejection of record for any teaching or matter specifically challenged in the argument.
Claim Rejections - 35 USC § 112
The following is a quotation of 35 U.S.C. 112(b):
(b)  CONCLUSION.—The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject matter which the inventor or a joint inventor regards as the invention.


Claims 1 and 4 are rejected under 35 U.S.C. 112(b) or 35 U.S.C. 112 (pre-AIA), second paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject matter which the inventor or a joint inventor (or for applications subject to pre-AIA 35 U.S.C. 112, the applicant), regards as the invention.
Claim 1 recites the limitation “a same period”. There is no sufficient antecedent basis for this limitation in the claim.
Claim 4 recites the limitation “a same period”. There is no sufficient antecedent basis for this limitation in the claim. 
Claim Rejections - 35 USC § 103
The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:
A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made. 

Claims 1-5 and 7-9 are rejected under 35 U.S.C. 103 as being unpatentable over US-PGPUB No. US 2002/0147801 A1 to Gullotta et al. (hereinafter “Gullotta”) and USPAT No. 9,405,922 B2 to Schreiber et al. (hereinafter “Schreiber”).
Regarding claim 1  
Gullotta discloses:
A method for setting form-field operation permission of a workflow (¶11: “… systems and methods for provisioning users based on policies, user roles and attributes …”, see Fig. 8 for the forms and related attributes, and the workflow), comprising a start node (see Fig. 7C, “Request add service form”) and at least one approval node (see Fig. 7C, “Approve request”), and wherein the form-field operation permission of said start node and the form field operation permission of said approval node are configured to be set according to a permission in a system (¶91: “… each request to the Application Server (requests from users for provisioned services) is authenticated and authorized before it is executed. At this level, only proper system credentials may be sufficient for authentication …”) and a permission in a process respectively (¶37: “… may also be authorized to manage different portions of the system's data by being granted permission to access such data.”);
However, Gullotta does not disclose the following limitation taught by Schreiber:
wherein a user (Schreiber, col 8, line 33: “… single user A1”) is configured to obtain the form-field operation permission (Schreiber, col 3, lines 21-22: “… user A1 has permission to access resources B1 and B3 …”) via a related role (Schreiber, col 8, line 33: “… role 605 …”), the role is independent which is not a group or a class (Schreiber, see Fig. 6H, role 605), one role is configured to be related to the user only during a same period (Schreiber, see Fig. 6H, role 605 associated with single user A1, and no other role is associated to single user A1), and the user is configured to be related to the one role or more roles (Schreiber, col 8, line 33: “… role 605 contains a user set of single user A1.”, see Fig. 6F user A1 is associated with roles 605, 610, 615 and 625).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teachings of Gullotta to incorporate the functionality of the role-based access control system to configure a role to a single user, as disclosed by Schreiber. Such modification would increase user accountability, and thus minimize errors and improve efficiency and reliability.
Regarding claim 2 
The combination of Gullotta and Schreiber discloses:
The method according to claim 1, wherein said start node comprises one or more process initiators (Gullotta, ¶124: “… the provisioning of a user may be initiated by calling up a provisioning user interface … The RPM system would then search its stored policies and, based on the user's roles and attributes, determine a set of resources to be provisioned.”) and the form-field operation permission of said start node is set in the following mode: 
a form operation permission of each of the one or more process initiator in the system is obtained as the form-field operation permission of the corresponding process initiator in said start node, the form operation permission is the permission set in the system for the one or more process initiators, which is not the permission in the process, and the form-field operation permission of each of the one or more process initiators is independent (Gullotta, ¶124: “… the provisioning of a user may be initiated by calling up a provisioning user interface (screen) on a Web browser connected to an organizational network. This screen would enable human resources personnel to input known roles and attributes. The RPM system would then search its stored policies and, based on the user's roles and attributes, determine a set of resources to be provisioned.”
¶135: “… a user wishing to be provisioned with one or more resources may access a provisioning user interface screen 700 from a networked computer. … the provisioning screen visible to the requesting user will only contain those fields for information that the user is capable of providing.”).
Regarding claim 3 
The combination of Gullotta and Schreiber discloses: 
The method according to claim 1, wherein said approval node comprises one or more approvers (Gullotta, Fig 8, approvers Department Manager and IT personnel), and the form-field operation permission of said approval node is set as follows: the form-field operation permission of each of the one or more approvers in said approval node is customized, the form-field operation permission is the permission in the process, which is not the permission in the system, and the form-field operation permission of each of the one or more approvers is independent (Gullotta, ¶138: “The provisioning process may also determine who can modify information, and which information cannot be modified. The provisioning process may also define what information must be added before the provisioning request can be sent to the next person. … the authorizing authority may change depending on what is entered into the request fields. Thus, there is no one process path through which this request form will flow. The process path may actually branch into different directions, depending on what information is entered into the fields of the request form”).
Regarding claim 4 
Gullotta discloses:
A method for setting a form-field operation permission (¶16: “… a method and system for provisioning users with resources …”) of an approval node (see Fig. 7C, “Approve request”), wherein said approval node comprises one or more approvers (see Fig 8, approvers Department Manager and IT personnel), and the form-field operation permission of each of the one or more approvers in said approval node is customized (¶136-137: “… the provisioning screen may then be made known to the IT department, who may see a different provisioning screen 714 from the department manager. For example, the provisioning screen 714 may include an additional field 716 which allows IT personnel to designate a particular mail server, which may be dependent on the department information, and which may be beyond the department manager's knowledge”, ¶63: “The Form Generation application may comprise a graphical user interface builder that associates system data attributes with graphical controls, which may include, but is not limited to, a "What You See Is What You Get" (WYSIWYG) graphical user interface builder.”),
However, Gullotta does not disclose the following limitation taught by Schreiber:
wherein a user (Schreiber, col 8, line 33: “… single user A1”) is configured to obtain the form-field operation permission (Schreiber, col 3, lines 21-22: “… user A1 has permission to access resources B1 and B3 …”) via a related role (Schreiber, col 8, line 33: “… role 605 …”), the role is independent which is not a group or a class (Schreiber, see Fig. 6H, role 605), one role is configured to be related to the user only during a same period (Schreiber, see Fig. 6H, role 605 associated with single user A1, and no other role is associated to single user A1), and the user is configured to be related to the one role or more roles (Schreiber, col 8, line 33: “… role 605 contains a user set of single user A1.”, see Fig. 6F user A1 is associated with roles 605, 610, 615 and 625).
Regarding claim 5 
The combination of Gullotta and Schreiber discloses:
The method according to claim 4, wherein customizing the form-field operation permission of an approver comprises (Gullotta, ¶62: “The System Configuration applications 112 may include an interface to a Form Generation application 114, invoked to provide custom forms for data managed by the system.”): 
selecting an approver from said approval node (Gullotta, ¶78: “If an approval is needed for a provisioning request, the Policy Engine 148 interfaces with a Workflow Engine 150 to notify and obtain authorization instructions from the appropriate authorization entity, which may be, for example, one or more users having pre-defined supervisory roles.”);  
displaying a default setting of the form-field operation permission after selecting the approver (Gullotta, ¶135: “… the provisioning screen 700 may include explanatory text and boxes or fields into which information may be entered”); and
modifying the default setting of the form-field operation permission according to an approval item of the selected approver in a workflow (Gullotta, ¶135: “… the provisioning screen visible to the requesting user will only contain those fields for information that the user is capable of providing”).
Regarding claim 7 
The combination of Gullotta and Schreiber discloses:
The method according to claim 4, wherein each of the one or more approvers is a role, the role is set in two modes (Gullotta, ¶69: “… approve or disapprove change requests …”), directly selecting the role and authorizing an approval permission, or determining the role according to a department level and authorizing an approval permission (Gullotta, ¶69: “The interface may allow, for example, users acting in a supervisory role to approve or disapprove change requests”
¶136: “… the provisioning screen 708 may include additional fields 710 and 712 which allows the manager to approve or disapprove the request, and, if approval is given, which department has given the approval”).  
Regarding claim 8 
The combination of Gullotta and Schreiber discloses:
The method according to claim 7, wherein each role is configured to belong to a certain department, a name of each role is unique under the department, and a number of each role is unique in a system (Gullotta, ¶136: “… the provisioning screen 708 may include additional fields 710 and 712 which allows the manager to approve or disapprove the request, and, if approval is given, which department has given the approval.”
¶10: “A single user may appear in several or all of these organizational structures, and thus may be in a somewhat unique overall role as compared to other users in the organization. Because this may require that many users be provisioned uniquely, many unique roles would have to be defined in the system to automate such provisioning.”
¶120: “The role-based system would determine that roles 1 and 3 apply to user A … roles 2 and 3 apply to user B”
¶123: “… policy 1 of the policy-based system replaces roles 1 and 2 of the role-based system.”).   
Regarding claim 9 
The combination of Gullotta and Schreiber discloses:
The method according to claim 8, wherein during cross-department transfer of the user, the user's relation to one or more roles in an original department is cancelled, and the user is related to one or more roles in a new department (Gullotta, ¶126: “… if a user's roles or attributes should change, the policies are re-evaluated and a new list of resources to be provisioned are determined.”
¶15: “A particular advantage of RBAC is that it allows the access privileges provided to individuals to be very conveniently reconfigured as the individuals change job requirements, simply by deleting one's original assignment to a first role and adding one to the new role.”).  
Claim 6 is rejected under 35 U.S.C. 103 as being unpatentable over Gullotta, Schreiber, and further in view of USPAT No. 6,202,066 B1 to Barkley et al. (hereinafter “Barkley”).
Regarding claim 6 
The combination of Gullotta and Schreiber discloses:
The method according to claim 5, but fails to explicitly disclose the following limitations taught by Barkley: 
wherein the default form-field operation permission is as follows: 
having viewing permissions of form fields, and not having modification permission of the form fields; having viewing permissions and modification permissions of the form fields; or not having viewing permission or modification permission of the form fields (see Barkley ¶49: “Different kinds of access, that is, different sets of permissions, may be displayed …
RGP-Admin displays the object icon in a third way, … in blue, if the selected role or group has any access, i.e., any permission to access the object”); or
having all viewing permissions and all modification permissions of form fields (see Barkley ¶49: “… in green, if the selected role or group has all of the selected permissions”); or
not having any viewing permission or modification permission of form fields (see Barkley ¶49: “… red, if the selected role or group has no access to the object”).
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teachings of the combination of Gullotta and Schreiber to incorporate the different default form-field operation permissions, colored differently, as disclosed by Barkley. Such modification would provide increased system security by providing a visual alerting feature (colorful) and limiting access permissions.
Claim 10 is rejected under 35 U.S.C. 103 as being unpatentable over Gullotta, Schreiber, and further in view of USPAT No. 9,864,752 B2 to Keng Lim (hereinafter “Lim”).
Regarding claim 10  
The combination of Gullotta and Schreiber discloses:
The method according to claim 4, but fails to explicitly disclose the following limitation taught by Lim:
wherein when form fields comprise a confidential field and a common field, the confidential field and the common field are displayed in different modes (Lim ¶55: “If information to be displayed contains personal information such as a social security number, personal identification number (PIN) or account balance, then controlling information usage includes: filtering out or obscuring the personal information”). 
It would have been obvious to one of ordinary skill in the art, before the effective filing date of the invention, to modify the teachings of the combination of Gullotta and Schreiber to incorporate the confidential personal information protection method as disclosed by Lim. Such modification would provide increased system security by protecting confidential information from being compromised.
Conclusion
The prior art made of record and not relied upon is considered pertinent to applicant's disclosure:

Dixit et al. (USPAT No. 8336078 B2) - disclosed a method for managing role-based access in a multi-customer computing environment.
Kuhn (USPAT No. 6023765 A) - disclosed control of access of users to objects protected by known lattice-based multi-level secure systems.
Ben Chetrit et al. (USPAT No. 8763155 B1) - disclosed an access control system in which the access permissions of users are stated by logical functions on tags associated with protected elements.
Svetov et al. (USPAT No. 2011/0283281 A1) - disclosed a system and method for providing complex access control in workflows.
Applicant's amendment necessitated the new ground(s) of rejection presented in this Office action.  Accordingly, THIS ACTION IS MADE FINAL.  See MPEP § 706.07(a).  Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a).  
A shortened statutory period for reply to this final action is set to expire THREE MONTHS from the mailing date of this action.  In the event a first reply is filed within TWO MONTHS of the mailing date of this final action and the advisory action is not mailed until after the end of the THREE-MONTH shortened statutory period, then the shortened statutory period will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of the advisory action.  In no event, however, will the statutory period for reply expire later than SIX MONTHS from the date of this final action.
Any inquiry concerning this communication or earlier communications from the examiner should be directed to MATTHIAS HABTEGEORGIS whose telephone number is (571)272-1916. The examiner can normally be reached M-F 8am-5pm ET.
Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) at http://www.uspto.gov/interviewpractice.
If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Ashok B Patel can be reached on (571)272-3972. The fax phone number for the organization where this application or proceeding is assigned is 571-273-8300.
Information regarding the status of published or unpublished applications may be obtained from Patent Center. Unpublished application information in Patent Center is available to registered users. To file and manage patent submissions in Patent Center, visit: https://patentcenter.uspto.gov. Visit https://www.uspto.gov/patents/apply/patent-center for more information about Patent Center and https://www.uspto.gov/patents/docx for information about filing in DOCX format. For additional questions, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a USPTO Customer Service Representative, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000.
/M.H./Examiner, Art Unit 2491

/ASHOKKUMAR B PATEL/Supervisory Patent Examiner, Art Unit 2491