As of version 220.127.116.1140, dbFront now allows you to specify Update and a ReadOnly AD Groups. Users in those groups will have either Update or Readonly permissions.
This is in addition to the existing support for specifying user specific permissions. User specific permissions will override group membership if present.
Otherwise the "Default Access" for that connection will apply. This applies to all other users that have dbFront access.
For more details see: https://dbfront.com/windowsauthentication