I suspect the horror stories are to do with internet links being choked rather than something else?
I typically don't determine bandwidth limits by way of device type. I think that's a bit arbitrary and not very friendly. If you think about it, the user type really determines the bandwidth to be delivered (if you're going to enforce it) in most scenarios, and the device+user type determines threat level.
Let's ignore the security bit though...
In order to offer a suggestion, I would need to know a bit more about your environment.
1. What's your business type? Are you academia or something else?
2. Are you authenticating the devices and/or users on the wireless service? If so, how (including auth server type)? Captive portal, 802.1X/EAP?
3. Where is your bandwidth constraint most significant? I.e., ignoring the WiFi and assuming this is internet traffic we're limiting, what's your outbound pipe speed?
4. What's the volume of users in each logical group?
5. How many APs in your estate?