Permissions for activities must be more specific to prevent that anyone can validate its own activity