To know the user has roles for developer and administrator

Similar Messages

• How to check if the user has only the display authority of a message

  hi,
  How to check if the user has only the display authority of a message but does not have the change authority for a certain message?
  Best regards,

  hi blake
  though i am an application consultant and for authorisation u need to have help of BASIS person if u r not the one but still i can guide u regarding the same,
  Basically Authorization Management 
  Use
  You can use the following authorization objects to control the authorizations for maintaining business partner data:
  •        Authorization objects for the Business Partner:
  •             B_BUPA_GRP
  •             B_BUPA_ATT
  •             B_BUPA_FDG
  •             B_BUPA_RLT•       
  Authorization objects for relationships:
  •             B_BUPR_BZT
  •             B_BUPR_FDG
  In addition, you can assign an authorization group to a business partner in the dialog. The authorization group controls which users may maintain data for this business partner.
  You can also define authorizations for fields and field groups using the Business Data Toolset (BDT). Depending on the settings you have made, the system carries out the relevant authorization checks.
  In the dialog in the SAP GUI, you can display an overview of the authorizations assigned to you by pressing the button Settings.
  For more information on authorization management, see the Implementation Guide (IMG) of the Business Partner, as well as in the Developer’s Handbook for the BDT under  Authorizations.
  IntegrationAuthorization management for the Business Partner forms part of the  SAP authorization concept.
  Prerequisites
  You have made the necessary settings in Customizing of the Business Partner under Basic Settings--> -Address Management.
  Moving over
  AS ABAP Authorization Concept 
  The ABAP authorization concept protects transactions, programs, and services in SAP systems from unauthorized access. On the basis of the authorization concept, the administrator assigns authorizations to the users that determine which actions a user can execute in the SAP system, after he or she has logged on to the system and authenticated himself or herself.
  To access business objects or execute SAP transactions, a user requires corresponding authorizations, as business objects or transactions are protected by authorization objects. The authorizations represent instances of generic authorization objects and are defined depending on the activity and responsibilities of the employee. The authorizations are combined in an authorization profile that is associated with a role. The user administrators then assign the corresponding roles using the user master record, so that the user can use the appropriate transactions for his or her tasks.
  Authorization Checks 
  To ensure that a user has the appropriate authorizations when he or she performs an action, users are subject to authorization checks.
  The following actions are subject to authorization checks that are performed before the start of a program or table maintenance and which the SAP applications cannot avoid:
  •        Starting SAP transactions (authorization object S_TCODE)
  •        Starting reports (authorization object S_PROGRAM)
  •        Calling RFC function modules (authorization object S_RFC)
  •        Table maintenance with generic tools (S_TABU_DIS)
  Checking at Program Level with AUTHORITY-CHECK
  Applications use the ABAP statement AUTHORITY-CHECK, which is inserted in the source code of the program, to check whether users have the appropriate authorization and whether these authorizations are suitably defined; that is, whether the user administrator has assigned the values required for the fields by the programmer. In this way, you can also protect transactions that are called indirectly by other programs.
  AUTHORITY-CHECK searches profiles specified in the user master record to see whether the user has authorization for the authorization object specified in the AUTHORITY-CHECK. If one of the authorizations found matches the required values, the check is successful.
  Starting SAP Transactions
  When a user starts a transaction, the system performs the following checks:
  •        The system checks in table TSTC whether the transaction code is valid and whether the system administrator has locked the transaction.
  •        The system then checks whether the user has authorization to start the transaction.
  The SAP system performs the authorization checks every time a user starts a transaction from the menu or by entering a command. Indirectly called transactions are not included in this authorization check. For more complex transactions, which call other transactions, there are additional authorization checks.
  •             The authorization object S_TCODE (transaction start) contains the field TCD (transaction code). The user must have an authorization with a value for the selected transaction code.
  •             If an additional authorization is entered using transaction SE93 for the transaction to be started, the user also requires the suitable defined authorization object (TSTA, table TSTCA).
  If you create a transaction in transaction SE93, you can assign an additional authorization to this transaction. This is useful, if you want to be able to protect a transaction with a separate authorization. If this is not the case, you should consider using other methods to protect the transaction (such as AUTHORITY-CHECK at program level).
  •        The system checks whether the transaction code is assigned an authorization object. If so, a check is made that the user has authorization for this authorization object.
  The check is not performed in the following cases:
  You have deactivated the check of the authorization objects for the transaction (with transaction SU24) using check indicators, that is, you have removed an authorization object entered using transaction SE93. You cannot deactivate the check for objects from the SAP NetWeaver and HR areas.
  This can be useful, as a large number of authorization objects are often checked when transactions are executed, since the transaction calls other work areas in the background. In order for these checks to be executed successfully, the user in question must have the appropriate authorizations. This results in some users having more authorization than they strictly need. It also leads to an increased maintenance workload. You can therefore deactivate authorization checks of this type in a targeted manner using transaction SU24.
  •             You have globally deactivated authorization objects for all transactions with transaction SU24 or transaction SU25.
  •             So that the entries that you have made with transactions SU24 and SU25 become effective, you must set the profile parameter AUTH/NO_CHECK_IN_SOME_CASES to “Y” (using transaction RZ10).
  All of the above checks must be successful so that the user can start the transaction. Otherwise, the transaction is not called and the system displays an appropriate message.
  Starting Report Classes
  You can perform additional authorization checks by assigning reports to authorization classes (using report RSCSAUTH). You can, for example, assign all PA* reports to an authorization class for PA (such as PAxxx). If a user wants to start a PA report, he or she requires the appropriate authorization to execute reports in this class.
  We do not deliver any predefined report classes. You must decide yourself which reports you want to protect in this way. You can also enter the authorization classes for reports with the maintenance functions for report trees. This method provides a hierarchical approach for assigning authorizations for reports. You can, for example, assign an authorization class to a report node, meaning that all reports at this node automatically belong to this class. This means that you have a more transparent overview of the authorization classes to which the various reports are transported.
  You must consider the following:
  •     •         After you have assigned reports to authorization classes or have changed assignments, you may have to adjust objects in your authorization concept (such as roles (activity groups), profiles, or user master records).
  •     •         There are certain system reports that you cannot assign to any authorization class. These include:
  •     •         RSRZLLG0
  •     •         STARTMEN (as of SAP R/3 4.0)
  •     •         Reports that are called using SUBMIT in a customer exit at logon (such as SUSR0001, ZXUSRU01).
  •     •         Authorization assignments for reports are overwritten during an upgrade. After an upgrade, you must therefore restore your customer-specific report authorizations.
  Calling RFC Function Modules
  When RFC function modules are called by an RFC client program or another system, an authorization check is performed for the authorization object S_RFC in the called system. This check uses the name of the function group to which the function module belongs. You can deactivate this check with parameter auth/rfc_authority_check.
  Checking Assignment of Authorization Groups to Tables
  You can also assign authorization groups to tables to avoid users accessing tables using general access tools (such as transaction SE16). A user requires not only authorization to execute the tool, but must also have authorization to be permitted to access tables with the relevant group assignments. For this case, we deliver tables with predefined assignments to authorization groups. The assignments are defined in table TDDAT; the checked authorization object is S_TABU_DIS.
  You can assign a table to authorization group Z000. (Use transaction SM30 for table TDDAT) A user that wants to access this table must have authorization object S_TABU_DIS in his or her profile with the value Z000 in the field DICBERCLS (authorization group for ABAP Dictionary objects).
  please See also:
  •        SAP Notes 7642, 20534, 23342, 33154, and 67766
  guess this info will help you,there is one graphic which actually explain the hierarchy of authorisation,i will find some time out to let u know more info about the authorisation
  but if u sit with ur BASIS guy then u can learn lot of things in PFCG
  i guess u r a basis guy,then its not a problem
  best regards
  ashish

• Is it possible to create a variable that tells you which slides the user has visited?

  Hi there.
  I'm working on a project where I want a slide to show a continue button and hide 2 textboxes, but ONLY when the user has already visited 2 other slides. I can only find variables that tell you the slide the user previously visited.
  Is it possible to set up a variable that does this?
  I want to create the following advanced action:
  If the user has visited slides 62 AND 87, show image_536 and hide text_caption_243 and text_caption_242
  I don't want the action to happen if only 1 of the 2 slides have been visited - it has to happen when both have been visited.
  Hope that makes sense.
  I'm using Captivate 7.
  Thanks.

  You will need two variables, it can be booleans. I'll label them v_one and v_two with a default value of 0
  Since I don't know how the slides are formatted, do you use a Next button or are all the slide frames visited? You'll need to have an event on those two slides to trigger an action:
  Assign v_one with 1     on slide 62
  And a similar action on the other slide to toggle v_two (do not use the toggle command, if the user visits a slide twice, it would be toggled back to 0).
  You didn't specify where those text containers have to be (please, label your objects and slides)? But you'll need conditional advanced action triggered by another event somewhere:
     IF v_one is equal to 1   AND
         v_two is equal to 1
    Show text1
    Show text2

• How can I know the name of the file that the user has currently open ?

  Hello
  I'm developing a module for x3dv.
  http://hiperia3d.blogspot.com/search/label/X3DV%20Module%20For%20Netbeans
  I am going to add a button to open the files when I click it.
  I just need to know how can I know the name of the file that the user has currently open in the editor. What variable holds it in Netbeans?
  Thank you
  Jordi

  If you are using the JFileChooser to open the document, I would create another class with this included:
  //initiate class variables
  private File f;
  //create JFileChooser
  JFileChooser fc = new JFileChooser();
  fc.setMultiSelectionEnabled(false);
  fc.setFileSelectionMode(JFileChooser.FILES_ONLY)
  //set the chooser to initialise File f with the file selected
  int status = fc.showOpenDialog(null);
  if (status == JFileChooser.APPROVE_OPTION)
       f = fc.getSelectedFile();
  public File getFile()
       return f;
  }

• How do I sign my VB / VS 2010 based shared COM add-in for Excel so it loads when the user has checked "Require application add-ins to be signed by a trusted publisher"?

  My COM add-in is developed using VS 2010 and VB. It's a shared COM add-in (not VSTO) and it works with Excel 2007 - 2013. My installer is signed with a code signing certificate but it would appear that my add-in's .dll should also be signed if the user has
  checked the "Require application add-ins to be signed by a trusted publisher" option.
  The "Sign the assembly" option is checked in my add-in's VB -> My Project -> Signing. I have a .snk file selected which I seem to recall generating 6 or 7 years ago when I ported the COM add-in from VB6 to .NET. 
  I have an up-to-date Comodo code signing certificate (a pfx file called MyCompanyCodeSigningCertificatePrivateKey.pfx) which I purchased to use with the installer and was wondering if and how I could use this.
  I tried selecting my pfx file in the My Project -> Signing -> "Choose a strong name key file" dialog. It made a copy of the pfx file in my project folder but when I tried to build the project, I got the following error:
  Error 1 Cannot import the following key file: MyCompanyCodeSigningCertificatePrivateKey.pfx. The key file may be password protected. To correct this, try to import the certificate again or manually install the certificate to the Strong Name CSP with the
  following key container name: VS_KEY_C0B6F251F0FB6016
  After a little research, I found out I might be able to use signtool to sign the dll in a post-build step.
  I added the following command to the post-build event, before the command I use to regasm the assembly.
  "path to signtool\signtool" sign /f "MyCompanyCodeSigningCertificatePrivateKey.pfx" /p "xxxx" /v "$(TargetPath)"
  When I built the project, the dll appeared to get signed (the output window showed a bunch of confirming text as well as "Successfully signed: c:\MyAddIn\bin\Release\MyAddIn.dll") but the next step in the post-build (regasm myaddin.dll /codebase)
  issued a warning RA0000 (see below) but reported "Types registered successfully".
  Here's the message I get from regasm, even though the output window says the dll was sucessfully signed:
  RegAsm : warning RA0000: Registering an unsigned assembly with /codebase can cause your assembly to interfere with other applications that may be installed on the same computer. The /codebase switch is intended to be used only with signed assemblies. Please give your assembly a strong name and re-register it.
  Types registered successfully
  I'm not using a shim if that makes a difference.
  How do I sign my add-in so it loads when the user has checked "Require application add-ins to be signed by a trusted publisher"?
  Any tips would be appreciated.

  Hello,
  Why do you need to use the regasm utility from the post-build action?
  There is a difference between signing the assembly with a strong name and digital signature. The
  How to: Sign an Assembly with a Strong Name article in MSDN explains how to sign an assembly with a strong name (.snk). See
  How to digitally sign a strong named assembly for adding a digital signature.
  You may also find the
  What's the Difference, Part Five: certificate signing vs strong naming article helpful.

• Hi, I bought a second hand iphone 4s and seller has blocked it and reset it know the iphone is asking for a  email and password that the seller was using, I can't contact him know and i'm left with an Iphone that is useless, can you help ma please?

  hi, I bought a second hand iphone 4s and seller has blocked it and reset it know the iphone is asking for a  email and password that the seller was using, I can't contact him know and i'm left with an Iphone that is useless, can you help ma please?

  Sorry, there is nothing you can do until the device is removed from the sellers Apple ID.
  Without that, your device can't be used, check these articles:
  iCloud: Find My iPhone Activation Lock in iOS 7
  Find My iPhone Activation Lock: Removing a device from a previous owner’s account

• Allowing Airwatch MDM access to the Captive-Portal guest users in pre-auth role for android and BB?

  Requirement:
  How to allow Airwatch MDM access to the Captive-Portal guest users in pre-authentication role for Android and Blackberry devices?
  What is Airwatch MDM?
  Airwatch MDM is Mobile Device Management. The Airwatch is an enterprise which helps to manage and secure data traveling through the mobile devices like Laptops, Tablets, Android, iPhones, iPads etc.
  Solution:
  Why we need to allow access to Airwatch MDM?
  The network administrator can force the guest users to register to Airwatch MDM before they get authenticated and access the internet. So that the network administrator could manage the guest devices through Airwatch Management tool. This can be achieved by CPPM server. To download the Airwatch MDM app and register with the Airwatch MDM server certain domains should be permitted in the captive portal pre-authentication role. This KB provides the configuration steps to allow the guest users to download the Airwatch MDM app and register with the Airwatch MDM server.
  Configuration:
  Below is the configuration
  Configuration steps:
  1. Create the following netdestinations
  netdestination Airwatch
    name *.awagent.com
    name *.awmdm.com
    name air-watch.com
  netdestination Google-Play
    name android.clients.google.com
    name .ggpht.com
    name gstatic.com
    name accounts.google.com
    name clients1.google.com
    name clients2.google.com
    name clients3.google.com
    name clients4.google.com
    name i.ytimg.com
    name google-analytics.com
    name .1e100.net
    name android.l.google.com
    name mtalk.google.com
    name clients.l.google.com
    name googleapis.com
    name gvt1.com
  netdestination BlackBerry
    name *.blackberry.com
  2. Now define the rules in the session acl and map it to the pre-authentication Role of the captive portal.
  ip access-list session Airwatch_Access
    any   alias Airwatch svc-http  permit
    any   alias Airwatch svc-https  permit
  ip access-list session Google-Play-Store
                 any   alias Google-Play any permit
  ip access-list session BlackBerry-Access
                 any   alias BlackBerry any permit
  3. Now map the session ACLs to captive-portal pre-authentication Role as follows
  user-role Guest-Pre-Auth-Role
   access-list session Airwatch_Access
   access-list session Google-Play-Store
   access-list session BlackBerry-Access
   access-list session logon-control
   access-list session captiveportal
  4. Now whitelist the list of domain names in the Captive Portal profle
  aaa authentication captive-portal Airwatch-Captive-Portal-Profile
  white-list Airwatch
  white-list Google-Play                                                                                ------------>Netdestinations where you defined the Domains.
  white-list BlackBerry
  Verification
  Now the user will be placed under the "Guest-Pre-Auth-Role" before the authentication. The user can now go the Google Play-Store or BlackBerry Appworld to download the Airwatch MDM and register to Airwatch Management Server.

  Thanks so much getting these names listed out. I have been working on this very issue for a few weeks and was basing my firewall rules on IP's. It was not going well. Now access is working and testing can commence!  Thanks,Chris

• I need to know the user who has created/modified a SAP Bex Query and WAD

  Hi!
  I need to know the user who has created and modified a SAP Bex Query and SAP  Web Application Designer. Does it possible to know this information by a table or view?
  Best Regards
  Ramon Sanchez

  Hi,
  In BEx query, when you click "Queries" to open the query, the list of queries are displayed. Highlight the query, click on the "Properties On/Off' icon(right most on the top), you would see all the details.
  In WAD, before opening the template, click on "Properties On/Off'" icon to see the details.

• I have a user who has permissions on site A B C 's some libraries. How can I get a list for all the contents the user have permission for?

  The user has permissions on site A B, and C. within the sites, the user has permissions on some lists/libraries.
  how can i retrieve an entire list to see what the user has permissions on?
  thank you 
  I might be a newbie in some area. But I'm working hard. :)

  You can get the report using powershell, please check below posts
  http://social.technet.microsoft.com/Forums/sharepoint/en-US/5a3252bf-cb03-4488-9a0d-f4e0ce07d497/user-permissionsaccess-report-in-sharepoint-site
  http://reality-tech.com/2011/12/30/reporting-on-all-user-permissions-in-a-web-application/
  My Blog- http://www.sharepoint-journey.com|
  If a post answers your question, please click Mark As Answer on that post and Vote as Helpful

• Reader SDK: any way to see what text the user has selected?

  I'm using the Adobe Reader SDK with C#, looking at the interapplication communication features.
  I can open a document in Reader and allow the user to user the reader tools like select text, etc.
  Here's the problem: I want to have my application know what text the user currently has selected.  And I'd like it to know the name of the field that the user has selected, not just the text of the field.
  Microsoft Office's Interop has something like this:
  currentDocument.GetSelectedText();
  Is there any way to do this with IAC or the javascript or plug-in features of the Reader SDK?
  If not, can it be done with the Acrobat API?  I've looked through both sets of documentation, and haven't found what i needed.
  Thanks for any help!

  To write a plug-in for the Adobe Reader you need to go through 2 separate steps.
  Step one - Download the Adobe Acrobat SDK (from here http://www.adobe.com/devnet/acrobat)
  and build your plug-in against the Acrobat product, following the documentation to make sure you only use API's that are available in the Reader program. The documentation tells you what version of the Adobe ACrobat or Reader program is needed for the function and whether the function can be called in Reader.
  Step two - Apply for a Reader certificate to allow your plug-in to be loaded by the Reader, the link is on the same web page as the above link. This step can be initiated before you have created your plug-in, and I would recommend that you do start this process before you develop your plug-in as Adobe can refuse to give you the certificate in which case all your development would be wasted.
  Only once you have permission form Adobe can you make your plug-in work with the reader application.
  Once you have done both these steps there are plenty of people on this forum that can help you with specific problems you may encounter.
  If you are not sure you have the knowledge to build the plug-in, there are plenty of people that you can hire to create the solution for you.
  HTH
  Malcolm

• When the user press the button Calculate Tax (see attached doc) and click on Tax details then this should be updated automatically. But it does not work it is empty and the user has to update manually.

  When the user press the button Calculate Tax  and click on Tax details then this should be updated automatically. But it does not work it is empty and the user has to update manually.
  All setup looks fine.
  Please let me know what can be done on this?
  Regards,
  Peu

  HarryAustralia wrote:
  I recently updated my ipad wifi only to the new ios 6.1.2 and initially I had the auto cover lock option which can be seen in the Generals tab, but then it stoped working!! Before the update, the auto cover lock worked fine. So after trying all the options, I then did a complete reset on the ipad and now its gone all together from the General tab!! I can no longer see the "auto cover lock" option.
  The iPad cover lock is for when you use a cover with magnets in it to lock and unlock the iPad when you close the cover or open it. Try running a refrigerator magnet along the sides of the iPad and see if that trips the iPad Cover Lock back into the settings.
  That is not the same thing as the iPad Auto Lock setting which allows you to set an allotted time before the iPad goes to sleep.
  You can try resetting all settings to see if the Auto Lock feature retinrs to the iPad.
  Settings>General>Reset>Reset All Settings. You will have to enter all of your device settings again.... All of the settings in the settings app will have to be re-entered. This can be a little time consuming re-entering all of the device settings again.

• Getting list of tables the user has access to across different schemas.

  Hi,
  I have to get the list of tables that an User has access to. I tried the below code. It takes a very long time. Is there any way in which I can specify the user name and get all the tables that he has access to? I know that we can use dbMetadata.getTables api. But this returns the list of tables under the said schema. But I want the list of tables that the user has access including tables in other schema.
  In the below code, I am trying to get the tables for which USER_MICHAEL has access to.
  DatabaseMetaData dbMetadata = connection.getMetaData(); String userName = null; dbrs = dbMetadata.getTables(null,userName , "%", new String[] { "TABLE" }); dbrs=dbMetadata.getTablePrivileges("",userName,"%"); while (dbrs.next()) { String tableName = dbrs.getString("TABLE_NAME"); String schema = dbrs.getString("TABLE_SCHEM"); String privilege = dbrs.getString("PRIVILEGE"); String grantee = dbrs.getString("GRANTEE"); if(grantee!=null && grantee.equals("USER_MICHAEL")){       System.out.println("Schema---"+schema+" Table---"+tableName+"  Privilege----"+privilege+"  grantee---- "+grantee); } }

  That would be database dependent.
  Some engines have some system tables that together may be used to extract such information, others may not make it available at all outside closed APIs.

• ISA : The user has no authorization

  Hello Friends,
  I created a customer configuration " MYCONF"  under
  http://host:50100/shopadmin/admin/xcm/init.do
  and then i tried to connect to :
  http://host:50100/shopadmin/shopadmin/init.do?scenario.xcm=MYCONF
  i was directed to login page .
  i enter login : WEBADMIN and its pass but i get this error :
  An error occurred:The user has no authorization for Shop Management
  In SAP CRM back end , i gave the WEBADMIN user the roles :
  SAP_CRM_INTERNET_CUSTOMER
  SAP_CRM_ISA_UA_SUPERUSER
  SAP_CRM_ISA_WEBSHOP_MANAGER
  restarted all servers .
  but i still have the same error..
  what happens?

  Hi Blackman,
  try logging with just your own CRM logon.  It should work.  The webadmin user is this the one logging onto CRM that you set up in teh XCM settings?).  This should have the role SAP_CRM_ISA_ITSLOGIN assigned to it.
  Then your user just needs the webshop one you assigned but you should have sap_all anyway right?
  Cheers
  Andrew

• How find whether the User has inherited or excluded or directly assigned .

  Hi Every one,
  I am building a report where in which I require for a given position and catalog who are the users and these users are Directly assigned or  Excluded or Inherited.
  If Inherited from which position it has been inherited.
  Now that I got the list of user for a Catalog id , and I can get the attributes for each users through FM BBP_READ_ATTRIBUTES
  But this FM fetches the attributes Inherited excluded or directly feild too, but it is not correct.
  I want to know whether is there any way where we can find the given user has inherited this catalog and from this , so same as this user has direct assignement to this catalog or this user has been exclude for this catalog.
  Regards,
  Raj

  Hi,
  The table ET_ATTR of the function module  BBP_READ_ATTRIBUTES will provide information about the Inherited, Default or Excluded status.
  The following are the appropiate Indicators.
  INH_STATUS - Inherited
  DFT_FLAG - Default
  EXCLUDED - Excluded
  Regards
  Kathirvel

• Can't get hold of the user.waveset.roles in my workflow

  Hey,
  I am developing a workflow process that adds a role to each user during reconsiliation if they don't already have it.
  1. It gets the user view.
  2.. It checks to see if the user has a particular role. (This is where my problem lies, as the user.wavset.roles value returns null).
  3. If the user already has the role the process ends.
  4. If the user doesnt have the role it appends it to user.waveset.roles and then checks in the user view.
  So at the moment the process always thinks the user hasnt got the role because I can't get user.wavset.roles to return a value. Although I can access it when I append!?
  Any ideas anyone why I cant access the user.waveset.roles value in the second step? It prints out that the value is null on the stack trace.
  The Activity code looks like this:
  <Activity id='5' name='Check Roles'>
  <Transition to='end'>
  <match>
  <upcase>
  <block trace='true'>
  <ref>user.waveset.roles</ref>
  </block>
  </upcase>
  <upcase>
  <rule name='Entrust GetAccess Role Name'/>
  </upcase>
  </match>
  </Transition>
  <Transition to='ProcessUser'/>
  <WorkflowEditor x='163' y='9'/>
  </Activity>

  Check once if the variable "user" is holding the user view or not.
  I'm not sure if you have already tried this....
  If we are getting the user view using a workflow service then by default the fetched user view is placed in a variable called "view". So we may have to use 'view.waveset.roles'.
  If we want to store the fetched user view in the variable "user", then in the Action that gets the user view, we may have to return the value from "view" to "user", wherein "user" is a global variable defined at the workflow level.Then we can refer "user" in all the activities throughout the workflow.