The time ranges you can configure in ArubaOS can only be used in the Virtual-AP under the option "deny time range".
If you use a RADIUS server for MAC authentication or 802.1X you can create policies which will return different Aruba-User-Role attributes based on the current time. You also have to return a IETF - Session-Timeout attribute relative to the current time, you should return the amount of seconds until the time the bandwidth contract should change; this forces the client to reauthenticate so the user will fall into a new user-role.
You could also use RADIUS CoA to achieve this, changing the user-role of the connected clients at certain time.