Prosecution Insights
Last updated: April 19, 2026
Application No. 18/124,553

ROLE-BASED ACCESS CONTROL FOR HIERARCHICAL RESOURCES OF A DATA MANAGEMENT SYSTEM

Non-Final OA §103
Filed: Mar 21, 2023
Examiner: KABIR, JAHANGIR
Art Unit: 2439
Tech Center: 2400 — Computer Networks
Assignee: Rubrik Inc.
OA Round: 3 (Non-Final)
Grant Probability: 80% (Favorable)
OA Rounds: 3-4
To Grant: 3y 6m
With Interview: 99%

Examiner Intelligence

Grants 80% — above average
Career Allow Rate: 80% (445 granted / 553 resolved; +22.5% vs TC avg)
Interview Lift: +36.9% (strong +37% interview lift; resolved cases with interview)
Typical timeline: 3y 6m avg prosecution; 14 currently pending
Career history: 567 total applications across all art units

Statute-Specific Performance

§101: 13.5% (-26.5% vs TC avg)
§103: 60.4% (+20.4% vs TC avg)
§102: 6.5% (-33.5% vs TC avg)
§112: 8.9% (-31.1% vs TC avg)
Black line = Tech Center average estimate • Based on career data from 553 resolved cases

Office Action

§103
DETAILED ACTION

This Office Action is in response to the communication filed on 02/17/2026. The present application, filed on or after March 16, 2013, is being examined under the first inventor to file provisions of the AIA. Claims 1-17 and 20-22 have been examined and are pending; claims 1, 14, and 20 are independent.

Continued Examination Under 37 CFR 1.114

A request for continued examination under 37 CFR 1.114, including the fee set forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this application is eligible for continued examination under 37 CFR 1.114, and the fee set forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action has been withdrawn pursuant to 37 CFR 1.114. Applicant’s submission filed on 02/17/2026 has been entered.

Information Disclosure Statement

The information disclosure statement (IDS), submitted on 02/17/2026 and 03/30/2026, are in compliance with the provisions of 37 CFR 1.97. Accordingly, the information disclosure statement is being considered by the examiner.

Response to Arguments/Remarks

A new ground of rejection is applied with new prior art combination that is necessitated based on the prior art found in the review of Applicant submitted IDS and further examination process.

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103 which forms the basis for all obviousness rejections set forth in this Office action:

A patent for a claimed invention may not be obtained, notwithstanding that the claimed invention is not identically disclosed as set forth in section 102 of this title, if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains. Patentability shall not be negated by the manner in which the invention was made.

This application currently names joint inventors. In considering patentability of the claims the Examiner presumes that the subject matter of the various claims was commonly owned as of the effective filing date of the claimed invention(s) absent any evidence to the contrary. Applicant is advised of the obligation under 37 CFR 1.56 to point out the inventor and effective filing dates of each claim that was not commonly owned as of the effective filing date of the later invention in order for the Examiner to consider the applicability of 35 U.S.C. 102(b)(2)(C) for any potential 35 U.S.C. 102(a)(2) prior art against the later invention. Claims 1-17 and 20-21 are rejected under 35 U.S.C. 103 as being unpatentable over Hen et al (“Hen,” US 2023/0110080 filed on 10/07/2021), in view of Scott et al (“Scott,” US 10,320,802, patented on 06/11/2019), and in view of Lukanov et al (“Lukanov,” US 2020/0274881 published on 08/27/2020). As to claim 1, Hen teaches a method (Hen: pars 0007, 0010-0012, 0033, technology involving method and system for data access rule in a multi-tenant(subscriber/user) computing resource system applying association of user identification with role binding data and role to access rules data), comprising: receiving, by a data management system, a first indication of an assignment of a first role to a user of the data management system, wherein the data management system is operable to provide protection for data sources associated with one or more tenants of the data management system, and wherein the assigned first role is associated with a first set of permissions for configuring resources of the data management system (Hen: pars 0010-0012, 0032-0033, in the multiple subscriber users or tenants resource system, tenants’ identity is configuration with respect to each of their domains, binding [i.e., role assignment] data and role to access rules [i.e., permission configuration] data for controlling secure access permission to a set of resource [i.e. 
there is a mapping (indication) of a first tenant’s role and permission access to a portion of resource]); receiving, by the data management system, a second indication of an association between a tenant of the one or more tenants and the user, the tenant being associated with a second set of permissions for configuring the resources of the data management system (Hen: pars 0010-0012, 0032-0033, tenants’ identity is configuration with respect to each of their domains, binding [i.e., role assignment] data and role to access rules [i.e., permission configuration] data for controlling secure access permission to a set of resource [i.e. there is a mapping (indication) of a second tenant’s role and permission access to a portion of resource]); and

Hen does not explicitly teach assigning, based on the first indication and the second indication, a third set of permissions to the user for configuring the resources of the data management system, the third set of permissions being permissions included in both the first set of permissions and the second set of permissions.

However, in an analogous art, Scott teaches assigning, based on the first indication and the second indication, a third set of permissions to the user for configuring the resources of the data management system (Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62; Fig 3, a graphing technique to show connections within an organization where user A’s [i.e., tenant/first tenant] has access permission [i.e. third set of permission] to security_group_1 [i.e., first set of security access permission] and access permission to security_group_2 [i.e., second set of security access permission] for accessing to certain secure data and performing job functions under the same security group, for easy view and analysis of combined access permission). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Scott with the method/system of Hen to include the limitation(s), assigning, based on the first indication and the second indication, a third set of permissions to the user for configuring the resources of the data management system, the third set of permissions being permissions included in both the first set of permissions and the second set of permissions, where one would have been motivated for the benefit of providing a user with a means for easy view and combined permission links in a multi-tenant/user connection network to a set of resources (Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62). Hen or Scott does not explicitly teach the limitation, the third set of permissions being permissions that are common both the first set of permissions and the second set of permissions. However, in an analogous art, Lukanov teaches the limitation, the third set of permissions being permissions that are common both the first set of permissions and the second set of permissions (Lukanov: pars 0033-0034; Fig 3A, 3B, a hybrid access control technique, where sub-system 326 permission [i.e., third set permission], where the control settings are assigned from root sub-system 312, sub-system 326 [i.e., the settings are in common for both sub-system 312’s permission set and sub-system 314’s permission set, creating a new user group domain 340, in addition to the main user group domain 330). 
Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Lukanov with the method/system of Hen and Scott to include the limitation(s), the third set of permissions being permissions that are common both the first set of permissions and the second set of permissions, where one would have been motivated for the benefit of providing a user with a means for creating a separate new domain with a third permission set, where the permissions are common in both first and second permission sets, and controlling/adjusting the third permission set for controlling access of the user of the new user domain independently from the main user group domain (Lukanov: pars 0033-0034; Fig 3A, 3B). As to claim 2, the combination of Hen, Scott, and Lukanov teaches the method of claim 1, Hen and Scott teaches of further comprising: receiving a third indication, via a user interface view associated with an administrator of the data management system, of an association between the tenant and the second set of permissions (Hen: pars 0034-0046, an administrator can view the tenants’’ role and access rule [i.e., permission configuration] data for controlling and managing the configuration. Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62; Fig 3, a graphing technique to shows connections within an organization where user A’s [i.e., tenant/first tenant] has access permission [i.e. third set of permission] to security_group_1 [i.e., first set of security access permission] and access permission to security_group_2 [i.e., second set of security access permission] for accessing to certain secure data and performing job functions under the same security group, for easy view and analysis of combined access permission. Where a system administrator and/or security analyst may view the graph and identify users and the security group permission network). 
As to claim 3, the combination of Hen, Scott, and Lukanov teaches the method of claim 2, Hen further teaches wherein receiving the first indication comprises: receiving the first indication via a second user interface view associated with the tenant (Hen: pars 0010-0012, 0032-0033, in the multiple subscriber users or tenants resource system, tenants’ identity is configuration with respect to each of their domains, binding [i.e., role assignment] data and role to access rules). As to claim 4, the combination of Hen, Scott, and Lukanov teaches the method of claim 1, Scott teaches of further comprising: receiving, by the data management system, a third indication of a second assignment of a second role to a second user of the data management system, wherein the assigned second role is associated with a fourth set of permissions for configuring the resources of the data management system; receiving, by the data management system, a fourth indication of a second association between the tenant and the second user; and assigning, based on the third indication and the fourth indication, a fifth set of permissions to the second user for configuring the resources of the data management system, the fifth set of permissions being permissions included in both the fourth set of permissions and the second set of permissions (Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62; Fig 3, a graphing technique to shows connections within an organization where user A’s [i.e., tenant/first tenant] has access permission [i.e. fifth set of permission] to security_group_2 [i.e., second set of security access permission] and access permission to security_group_3 [i.e., furth set of security access permission] for accessing to certain secure data and performing job functions under the same security group, for easy view and analysis of combined access permission). 
As to claim 5, the combination of Hen, Scott, and Lukanov teaches the method of claim 1, Scott further teaches further comprising: receiving, by the data management system, a third indication of a second assignment of a second role to a second user of the data management system, wherein the assigned second role is associated with a fourth set of permissions for configuring the resources of the data management system; receiving, by the data management system, a fourth indication of a third association between a second tenant of the one or more tenants and the second user, the second tenant being associated with a fifth set of permissions for configuring the resources of the data management system; and assigning, based on the third indication and the fourth indication, a sixth set of permissions to the second user for configuring the resources of the data management system, the sixth set of permissions being permissions included in both the fourth set of permissions and the fifth set of permissions (Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62; Fig 3, a graphing technique to shows connections within an organization where user B’s [i.e., tenant/second-tenant] has access permission [i.e. 6th set of permission] to security_group_2 [i.e., second set of security access permission] and access permission to security_group_1 [i.e., furth set of security access permission] for accessing to certain secure data and performing job functions under the same security group, for easy combined access permission). 
As to claim 6, the combination of Hen, Scott, and Lukanov teaches the method of claim 1, Hen and Scott further teaches further comprising: presenting, via a user interface view associated with the user, information associated with configuring the resources of the data management system in accordance with the third set of permissions (Hen: pars 0034-0046, an administrator can view the tenants’’ role and access rule [i.e., permission configuration] data for controlling and managing the configuration. Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62; Fig 3, a graphing technique to shows connections within an organization where user A’s [i.e., tenant/first tenant] has access permission [i.e., third set of permission]. A system administrator and/or security analyst may view the graph and identify users and the security group permission network). As to claim 7, the combination of Hen, Scott, and Lukanov teaches the method of claim 1, Scott further teaches further comprising: receiving, by the data management system, a third indication of an updated second set of permissions associated with the tenant; and updating, based at least in part on the third indication, the third set of permissions, the updated third set of permissions being permissions included in both the first set of permissions and the updated second set of permissions (Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62; Fig 3, a graphing technique to shows connections within an organization where user A’s [i.e., tenant/first tenant] has access permission [i.e. third set of permission] to security_group_1 [i.e., first set of security access permission] and access permission to security_group_2 [i.e., second set of security access permission] for accessing to certain secure data and performing job functions under the same security group, for reconsidering as combined access permission. 
Col 6, lines 46-48, permission for security group can be changed as need [i.e., the mapped second set of permission can be changed]). As to claim 8, the combination of Hen, Scott, and Lukanov teaches the method of claim 1, Scott further teaches wherein the third set of permissions comprise access to a subset of resources of the data management system (Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62; Fig 3, user A’s [i.e., tenant/first tenant] has access permission [i.e., third set of permission] to security_group_1 [i.e., a subset of resource access permission] and access permission to security_group_2 [i.e., another subset of resource access permission] for accessing to certain secure data resource). As to claim 9, the combination of Hen, Scott, and Lukanov teaches the method of claim 1, Scott further teaches wherein the third set of permissions comprise a first permission for configuring a first subset of the resources of the data management system and a second permission for configuring a second subset of the resources of the data management system (Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62; Fig 3, user A’s [i.e., tenant/first tenant] has access permission [i.e., third set of permission] to security_group_1 [i.e., first subset of resource access permission] and access permission to security_group_2 [i.e., second subset of resource access permission] for accessing to certain secure data resource). As to claim 10, the combination of Hen, Scott, and Lukanov teaches the method of claim 9, Hen and Scott further teaches wherein the first permission precludes modification of the first subset of the resources of the data management system and the second permission permits modification of the second subset of the resources of the data management system (Hen: pars 0034-0046, an administrator can view the tenants’ role and access rule [i.e., permission configuration] data for controlling and managing the configuration. 
Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62; Fig 3, a graphing technique to shows connections within an organization where user A’s [i.e., tenant/first tenant] has access permission [i.e., third set of permission] to security_group_1 [i.e., first subset of resource access permission] and access permission to security_group_2 [i.e., second subset of resource access permission]. A system administrator and/or security analyst may view the graph and identify users and the security group permission network [i.e., modification of the first subset of permission and second subset any of permission can be permitted or precluded based on the administrator’s policy]). As to claim 11, the combination of Hen, Scott, and Lukanov teaches the method of claim 9, Scott further teaches: wherein the first subset of the resources of the data management system comprises a first data management cluster and the second subset of the resources of the data management system comprises a second data management cluster, or the first subset of the resources of the data management system comprises a first computing object and the second subset of the resources of the data management system comprises a second computing object (Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62; Fig 3, user A’s [i.e., tenant/first tenant] has access permission [i.e., third set of permission] to security_group_1 [i.e., first subset of resource access permission] for first part of data resource, and access permission to security_group_2 [i.e., second subset of resource access permission] for accessing to second part of data resource). 
As to claim 12, the combination of Hen, Scott, and Lukanov teaches the method of claim 1, Hen and Scott further teaches further comprising: receiving, by the data management system, via a second user interface view associated with the tenant, a third indication of a creation of the first role, the creation of the first role comprising an association of the first set of permissions with the first role (Hen: pars 0034-0046, an administrator can view the tenants’’ role and access rule [i.e., permission configuration] data for controlling and managing the configuration. Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62; Fig 3, a graphing technique to shows connections within an organization where user A’s [i.e., tenant/first tenant] has access permission [i.e., third set of permission] to security_group_1 [i.e., first set of security access permission] and access permission to security_group_2 [i.e., second set of security access permission]. A system administrator and/or security analyst may view the graph and identify users and the security group permission network). As to claim 13, the combination of Hen, Scott, and Lukanov teaches the method of claim 1, Hen and Scott teaches of further comprising: receiving, by the data management system, via a second user interface view associated with the tenant, a third indication of an association of the first set of permissions with the role (Hen: pars 0034-0046, an administrator can view the tenants’ role and access rule [i.e., permission configuration] data for controlling and managing the configuration. Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62; Fig 3, a graphing technique to shows connections within an organization where user A’s [i.e., tenant/first tenant] has access permission [i.e., third set of permission] to security_group_1 [i.e., first set of security access permission] and access permission to security_group_2 [i.e., second set of security access permission]. 
A system administrator and/or security analyst may view the graph and identify users and the security group permission network). As to claim 14, the claim is directed to an apparatus and the scope of the claim limitations is similar to the scope of claim 1, and therefore, rejected for the same reason set forth above for claim 1. As to claims 15 and 16, the limitations of the claims are similar to the claims 2 and 3, respectively, and are rejected for the same reasons set forth above for claims 2 and 3. As to claim 17, the limitations of the claims are similar to the claim 4, and is rejected for the same reasons set forth above for claim 4. As to claim 20, the claim is directed to a computer-readable medium and the scope of the claim limitations is similar to the scope of claim 1, and therefore, rejected for the same reason set forth above for claim 1. As to claim 21, the combination of Hen, Scott, and Lukanov teaches the method of claim 1, Scott teaches of further comprising: receive, by the data management system, a request to configure the resources of the data management system in accordance with access to a fourth set of permissions; and authorizing access to the fourth set of permissions based at least in part on the fourth set of permissions being included in the second set of permissions (Scott: col 4, lines 34-67, col 5, lines 1-6, 48-62; Fig 3, a graphing technique to shows connections within an organization where user A’s [i.e., tenant/first tenant] has access permission [i.e. fifth set of permission] to security_group_2 [i.e., second set of security access permission] and access permission to security_group_3 [i.e., furth set of security access permission] for accessing to certain secure data and performing job functions under the same security group, for easy view and analysis of combined access permission). Claim 22 is rejected under 35 U.S.C. 
103 as being unpatentable over Hen et al (“Hen,” US 2023/0110080 filed on 10/07/2021), in view of Scott et al (“Scott,” US 10,320,802, patented on 06/11/2019), and further in view of Lukanov et al (“Lukanov,” US 2020/0274881 published on 08/27/2020) and Dageville et al (“Dageville,” US 2022/0207169 filed on 06/30/2022). As to claim 22, the combination of Hen, Scott, and Lukanov teaches the method of claim 1, Hen, Scott, or Lukanov does not exclusively teach wherein the first set of permissions comprises a read-write permission for a first computing resource, wherein the second set of permissions comprises a read-only permission for the first computing resource, and wherein the third set of permissions comprises the read-only permission for the first computing resource based at least in part on the read-write permission exceeding the read-only permission for the first computing resource. However, in an analogous art, Dageville teaches wherein the first set of permissions comprises a read-write permission for a first computing resource, wherein the second set of permissions comprises a read-only permission for the first computing resource, and wherein the third set of permissions comprises the read-only permission for the first computing resource based at least in part on the read-write permission exceeding the read-only permission for the first computing resource (Dageville: pars 0030-0033; Fig 4-8, roles and permission set structure mapping with resource object and schema where each role has various set of permissions, such as, see/read and write permissions of the various set of resource object and schema. Where a role can have read and write permission of one resource, and only read permission from another resources. As an optional schema and permission set structure mapping, such as directed to fig 8, a different role can have access permission to resource object D3 and resource object D2 that is also mapped to another role. 
In that case, if the D2 and D3 has read only permission, permission set associated with role R3 has extended the read permission with the read permission of D2 as a combination).

Therefore, it would have been obvious to one of ordinary skill in the art before the effective filing date of the claimed invention to combine the teachings of Dageville with the method/system of Hen, Scott, and Lukanov to include the limitation(s), wherein the first set of permissions comprises a read-write permission for a first computing resource, wherein the second set of permissions comprises a read-only permission for the first computing resource, and wherein the third set of permissions comprises the read-only permission for the first computing resource based at least in part on the read-write permission exceeding the read-only permission for the first computing resource, where one would have been motivated for the benefit of providing a user with a means for creating role to permission set mapping, by adding a read-only permission set to a resource to another read-only permission to another resource for virtually creating a new permission set to map to a role, as the system finds fit to do so for controlling user access to resource set in shared resource environment (Dageville: pars 0030-0033; Fig 4-8).

Conclusion

Any inquiry concerning this communication or earlier communications from the examiner should be directed to Jahangir Kabir whose telephone number is (571) 270-3355. The examiner can normally be reached on 9:00-5:00 Mon-Thu. If attempts to reach the examiner by telephone are unsuccessful, the examiner’s supervisor, Luu Pham can be reached on (571) 270-5002. The fax number for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from Patent Center and the Private Patent Application Information Retrieval (PAIR) system. Status information for published applications may be obtained from Patent Center or Private PAIR. Status information for unpublished applications is available through Patent Center and Private PAIR for authorized users only. Should you have questions about access to the Private PAIR system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free).

Examiner interviews are available via telephone, in-person, and video conferencing using a USPTO supplied web-based collaboration tool. To schedule an interview, applicant is encouraged to use the USPTO Automated Interview Request (AIR) Form at https://www.uspto.gov/patents/uspto-automated-interview-request-air-form.

/JAHANGIR KABIR/ Primary Examiner, Art Unit 2439

Prosecution Timeline

Mar 21, 2023: Application Filed
Mar 12, 2025: Non-Final Rejection — §103
Jun 17, 2025: Examiner Interview Summary
Jun 17, 2025: Applicant Interview (Telephonic)
Jun 18, 2025: Response Filed
Jul 01, 2025: Final Rejection — §103
Nov 03, 2025: Request for Continued Examination
Nov 07, 2025: Response after Non-Final Action
Feb 17, 2026: Request for Continued Examination
Feb 26, 2026: Response after Non-Final Action
Apr 06, 2026: Non-Final Rejection — §103 (current)

Precedent Cases

Applications granted by this same examiner with similar technology

Patent 12585750
SYSTEMS AND METHODS FOR AUTHENTICATING A USER AT A PUBLIC TERMINAL
2y 5m to grant Granted Mar 24, 2026
Patent 12586440
Biometric Access Data Encryption
2y 5m to grant Granted Mar 24, 2026
Patent 12574384
ROLE-BASED ACCESS CONTROL FOR USERS IN A COMPUTER SYSTEM OF A RENEWABLE POWER PLANT
2y 5m to grant Granted Mar 10, 2026
Patent 12556544
ACCESS MANAGEMENT SYSTEM
2y 5m to grant Granted Feb 17, 2026
Patent 12549535
SYSTEMS AND METHODS FOR A LEAD PORTAL WITH UNIFIED LOGIN FOR CHILD APPLICATIONS IN A TIERED SOFTWARE FRAMEWORK
2y 5m to grant Granted Feb 10, 2026
Study what changed to get past this examiner. Based on 5 most recent grants.

Prosecution Projections

Expected OA Rounds: 3-4
Grant Probability: 80%
With Interview: 99% (+36.9%)
Median Time to Grant: 3y 6m
PTA Risk: High
Based on 553 resolved cases by this examiner. Grant probability derived from career allow rate.