Whilst it's great that a user can have a policy, to achieve granularity you need to maintain user groups.

Having the ability to apply a policy or over-riding policy to a device would be useful in situations where you are limited with user grouping maintenance options.

It would also allow for situations where you have a shared device, with no single user.