Normally, a user has to log out and then log in again so that the rights of a newly added security group become active.
You can do that without a logoff. To do this, the CMD simply has to be started in the user context. Then enter klist purge there and execute it.
The user's Kerberos tickets are deleted and have to be queried again. But all of this only works with Kerberos. This way does not work with NTLM.