Appeal No. 2006-2936 Application No. 10/013,714 irrespective of whether the actual request originates from the user or a program. Further, the ordinarily skilled artisan would have readily appreciated that the request by the “claimed” program to access the database is representative of an action or the desire of a user/developer of that program. Hence, by setting permission levels for the user or the program, both Britton and the presently claimed invention implicitly specify permission levels for the interface program, which directly interacts with the database. Appellant argued at the oral hearing that Britton does not indicate whether the validation and authentication of the user occurs before or after the user interacts with the interface program. Appellant then submitted that in the event that the user validation takes place before interacting with the program interface, Britton would only teach making access permission for the user, and not the program. It is our view that the ordinarily skilled artisan would have readily recognized from Britton’s teachings that the access control list (ACL) (300), which serves the role of a gatekeeper for the database, is also part of the database. Therefore, user identification and permission data must be forwarded via the program interface to the ACL before they can access a particular level in the 13Page: Previous 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 NextLast modified: November 3, 2007