Unless you change the permissions specifically, "everyone" has read and execute access to everything in /Applications. Ownership (root), and group access (wheel or staff in your case) just give permissions beyond "everyone" having read and execute access.

drwxrwxr-x means all users have read and execute privileges over the file. This would be written out as 755, and what JAMF Composer would show. You would want something like 750  if you don't want "everyone" to have access to the file or 754 if you won't want "everyone" to be able to execute the file.

https://www.elated.com/understanding-permissions/

Confusion is that, when I installed another app named LogMeIn I saw the permission is set 755 with ownership group is wheel, and I tried to open the app from an user who is not the member of wheel and it doesnt open from that user account. So I changed the group permission from wheel to staff (755)and built the package and installed it again. Now I am able to open the LogMeIn app from that user as that group is the member of staff but not the member of wheel, so I am little confused if any other logic here to open the app. LogMeIn app is signed app also, any idea?