Permissions not updated in Web Interface for group changes
When a user is added to or removed from a group the permissions do not reflect within ActiveRoles Server Web Interface but show up properly in the MMC console.
This is due to an issue with Microsoft IIS. When you logon to ARS WI, IIS performs impersonation (http://msdn.microsoft.com/en-us/library/aa292118(v=vs.71).aspx). For performance purposes IIS caches this information. When you perform logout in ARS WI in fact you simply clear identity cache of IE but this does not clear cached identity on IIS side. As result: when you try to logon again IIS uses already cached identity. In this case token groups is not rebuilt and from this perspective cached identity is still member of group.
Restart the ActiveRoles Server Application Pool in IIS