If you are using a multi-tenant Deployment the provider users must be a member of the sas group.
If you are not using multi-tenant deployment, then the requirement is that a user's UID and GID are the same across all of the servers.
Also to note, that if you choose to not assign the user to the sas group and they need to run a compute server session (like when running SAS Studio V) then you need to make sure the permissions are open for others to write to the compsrv logs directory.
All of the service accounts out of the box will be members of the SAS group as well (like sas and cas).
From the documentation "User Accounts (Reference)":
The sas group is intended to allow access to administrative features, such as logs and backup. It is the group owner of many files on disk. Restrict membership in this group to administrators.
Here is the documentation regarding User and Group Requirements: https://go.documentation.sas.com/doc/en/calcdc/3.5/dplyml0phy0lax/n15hhewllr5ji2n1sxf96imqvtpj.htm
I hope this helps! 🙂