Add ARM users
When assigning a user to a change role - such as data owner - that user initially has access to all resources. If you want to limit their access further you must do this via the Data Owner configuration.
User groups as ARM users
You can use AD groups as ARM users. The process is identical to adding an ARM user. Please note the following:
Using complex group structures will increase login time significantly.
Hierarchy of role assignments
By using groups, it is possible to assign several roles to a user. In this scenario the login mechanism verifies role columns from left to right and uses the first match. There is no combination of roles.