This sounds complicated and very hard to maintain. Is there anything common between these 700 users like subnet? Do you know that these users will always have the same address? If not, you may block UserA today, but they'll be allowed through tomorrow because they have a different address. Do all 700 users come through the same interface? If so, you should just shape the class-default class and call it a day.
HTH,
John
*** Please rate all useful posts ***
HTH,
John
*** Please rate all useful posts ***