Unisphere elevate access

Afternoon all, I am running Unisphere for VMAX 8.4 and trying my best to simplify and secure our Unisphere application. Currently, each storage user has their AD account setup in Unisphere and configured for Monitor and Performance monitor.....perfect as a read/only account. However, if we want to elevate their access to security admin for instance (to add/remove users) then we need to use a generic account to do so...not so secure. What we want to do is add the users AD account to an AD group that has elevated access for a limited time and then, once removed, they go back to read only (through our own forms/process that works for other applications). Sounds simple, create an AD group, add it to the Unisphere instance and give it security admin rights. If the user is added to that group then they should inherit the security admin role and then lose it again once they are removed. However, I been testing it today with my account that only has monitor/perf monitor rights but it doesn't seem to pick up the rights of the AD group that has sec Admin when I'm added to that group. my user account and the group are from the same Domain and are setup correctly. Any hints/tips?