There is a competitive product on the market that provides a so-called “comfort feature”. This feature allows users to receive direct access rights to file servers temporarily, in addition to receiving them through group memberships. The benefit of this feature is, apparently, that users can use their new access rights immediately, without having to log out and back in again first.
On a technical level, it is not difficult to produce this feature. So, why has it not been implemented by tenfold? The answer is simple: assigning access rights consistently via groups is better and safer.
The comfort feature does not take into account list rights and therefore does not allow users to browse to the folder they wish to access. To access it, users have to know the exact path to the folder. This is unrealistic and, in fact, the very opposite of the user-friendliness we usually strive to achieve on file servers using ABE (access based enumeration).
Granting users direct access rights can lead to a significant loss in performance. If the directory tree happens to be very large (which the user cannot know), setting direct access rights can take hours or even days. In that case, it might be better and faster for the user to log out and back in again and obtain the privileges through the group that has already been set. The user has no way of knowing whether it is better to wait or to log out and in again, so in the end, the comfort feature has no advantage to the user.