Security settings for every object can be viewed and configured in the security step of that object's wizard.
An object's security is defined in security rows. Each security row defines security for a single user, user group, or role. Inherited security rows cannot be edited in the object. Their icon appears grayed out, but you can view the permissions that are defined.
The security step in each object's wizard lets you define if the object will inherit its security settings, and allows setting permissions for the object's security rows.
Regardless of the inheriting status, you can always add new (local) security rows. You can even define local rows for the users, groups, or roles for which the object already inherits security rows. Local security rows appear with a regular icon and they can be edited.
You can also set security rows for deliverables, action items, and documents.
Links have owners and behave according to the permissions defined, but you cannot add or change security rows for links.