I will try to answer it to the best.
a. You can assign a dedicated IP address to a user or assign a group policy for the user with the address pool.
b. You can assign filter on the group-policy which in-turn you can tie the user to the group-policy
c. You can use "telnet " or ssh command and be specific about what IP address should the request come from to access the device.
OR as you said, you can use TACACS to assign the user to a specific group and assign specific address.
Hope this answers your questions.
Cheers
Gilbert