I don't understand groups and permissions in Active Directory

I don't understand groups and permissions in Active Directory

I'm playing with permissions and noticed the following situation I don't understand.
The PC EXAMPLE is a part of a domain, let's say example.com and the currently logged on user is Hello (hello@example.com). This user is a member of example.com/Demo group — Security Group, Universal.
When the full control permissions are set on a partition for and only for:
SYSTEM
Hello (hello@example.com)
Administrators (test-pc\Administrators)
then Hello user can access the partition.
When full control permissions are set for:
SYSTEM
Demo (EXAMPLE\Demo)
Administrators (test-pc\Administrators)
then the partition is not available any longer for the user Hello.
As I understand it, groups, in Active Directory, are intended to simplify, among others, the management of permissions on files and folders, i.e., instead of specifying that a specific directory can be accessed by user 1 and user 5 and user 7 and user 19, etc., one can simply create a group and set the permission for this group.
It appears that it's not the case. So what are groups for? How to set permissions for a set of users without setting those permissions for every user?