As clembo said, the default dot1x role will override the UDR. UDR occurs before the dot1x role is applied. Server rules are applied after.
In the server group defined in your AAA profile, you'll map the MAC addresses of the offending clients to the quarantine role.
In the GUI:
Authentication > Servers > Server Group > server_group_name
Click New under Server Rules and fill in the blanks:
Condition = macaddr
Operation = equals
Operand = aa:bb:cc:dd:ee:ff
Action = set role
Value = quarantine-role
CLI:
aaa server-group "server_group_name"
set role condition macaddr equals "aa:bb:cc:dd:ee:ff" set-value quarantine-role
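
Added example (not part of the original post and not vendor code): a Python helper that turns a list of offending client MACs into the server-rule lines shown above, one rule per client. It assumes the controller takes lowercase colon-separated MACs as written in the post; the function names and the sample MAC list are constructed for illustration.

```python
import re

# Constructed sample input: MACs as they might be pasted from logs or switch tables.
SAMPLE_MACS = ["AA-BB-CC-DD-EE-FF", "aabb.ccdd.ee01", "aa:bb:cc:dd:ee:ff", "not-a-mac"]

NAME_RE = re.compile(r"[A-Za-z0-9_.-]+")  # keeps quotes/whitespace out of the CLI

def normalize_mac(raw):
    """Return the MAC as lowercase colon-separated hex, or None if unusable."""
    digits = re.sub(r"[.:\-\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    # A set group (multicast) bit means this is not a single client address.
    if int(digits[:2], 16) & 0x01:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_server_rules(server_group, role, macs):
    """Return (cli_lines, rejected_inputs) using the rule syntax from the post."""
    for name in (server_group, role):
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"unsafe name for CLI output: {name!r}")
    accepted, rejected = [], []
    for raw in macs:
        mac = normalize_mac(raw)
        if mac is None:
            rejected.append(raw)        # surface bad input instead of dropping it
        elif mac not in accepted:
            accepted.append(mac)        # de-duplicate, keep first-seen order
    lines = [f'aaa server-group "{server_group}"']
    lines += [
        f'set role condition macaddr equals "{mac}" set-value {role}'
        for mac in accepted
    ]
    return lines, rejected

if __name__ == "__main__":
    cli, bad = build_server_rules("server_group_name", "quarantine-role", SAMPLE_MACS)
    print("\n".join(cli))
    for entry in bad:
        print(f"! skipped invalid MAC: {entry}")
```

Review the generated lines before pasting them into the controller, and check the skipped entries so a mistyped MAC does not leave a client out of quarantine.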