If it is not possible to use Active Directory groups to control what permissions each user has on ePO, then, is it possible to set permissions in ePO based on which AD group a user is in?
You can "map" ePO permission sets to groups in Active Directory.
- Register your LDAP servers in ePO (Menu -> Configuration -> Registered Servers)
- Select a Permission Set and click "Edit" next to the "Name and users" setting
- Locate the "Active Directory groups mapped to this permission set" setting (at the bottom)
- Click "Add", find the AD group and click OK