Access rights can be configured per app using the access overview. The overview is accessible via the tools menu.

In the access overview, the read and write permissions are displayed for basic and for individual apps. One or more groups may be assigned via the edit button on the right. There is a difference between the dialogue of basic apps such as processes and the legacy apps (audits, internal projects, protocols, risks) and the configuration of individual apps. Which category is involved can be seen via the App Category column. 

For basic apps, the configuration can be done at any time, the changes are active immediately.  

For individual apps, the App Generator configuration opens, and the changes must be published by updating the  application.