Recently i tested on assigning different bandwidth requirement for number of users. Example setup is showed in the following diagram. 512kbps is divided between users and one user can use whole bandwidth when others are not using.I've done some testing on this and i archived the requirement through hierarchical queuing strategy.
1) I setup the natting / and other basic setup-
ip route 0.0.0.0 0.0.0.0 10.0.0.2
ip nat inside source list 2 interface FastEthernet0/0 overload
access-list 2 permit 192.168.2.0 0.0.0.255
ip nat outside
ip nat inside
2) Define the class-maps.
2.1 - Access-list for match the ips.
access-list 101 permit ip host 192.168.2.1 any
access-list 101 permit ip any host 192.168.2.1
access-list 102 permit ip host 192.168.2.2 any
access-list 102 permit ip any host 192.168.2.2
access-list 103 permit ip host 192.168.2.3 any
access-list 103 permit ip any host 192.168.2.3
2.2 - match ACL.
class-map match-all shape256_pir256_HostA
match access-group 101
class-map match-all shape64_pir64_HostB
match access-group 102
class-map match-all shape128_pir512_HostC
match access-group 103
3) queues ..
3.1 - Define the parent shaper.
shape average 512000
3.2 - child queues
police rate 256000 bps burst 32000 bytes
police rate 64000 bps burst 32000 bytes
4) Apply it on the interface
ip address 192.168.2.1 255.255.255.0
ip nat inside
service-policy output shape_512
My test result showed the bandwidth guaranteed for the HOST A,B if those are not using HOST C can utilize that's the reason i did not put any shape in the child.