Granting permission to applications and their objects
You must grant or deny access to the deployable application itself, and to each form, field, and active link, and active link guide in the application. The objects in an application do not inherit the access you grant to the application itself. Likewise, if you deny access to an application, access is not denied to the objects within the application.
You can configure default permissions for the application before creating the application object to simplify permissions assignment and ensure consistency within the application. See Defining default permissions.
When you add a form to a deployable application, all explicit groups are removed from its permissions and from the permissions of its fields and all active links and active link guides that have the form as an associated form. If the application has default permissions, those are added. You can grant permissions to roles and implicit groups, as described in Assigning permissions, to these objects and fields as needed.
Default role permissions are not applied to forms in deployable applications. You must apply the role permissions to each form.
When you remove a form from a deployable application, all roles are removed from the form's permissions, from the permissions of its fields, and from all active links and active link guides associated with the form.