Raymond, it is good, but it is inefficient, because more SSIDs decrease performance.
In addition, if you have a user in a different group using the same computer, they will have to know to configure the laptop or device to a different SSID, which cause cause helpdesk calls. If you made it so everyone authenticated to the same SSID, but the rules in the background put them on a different VLAN via 802.1x, they would not have to remember what SSID to connect to.
Lastly, you should consider what you are using VLANs for: VLANs are not necessarily a security mechanism. All users could be placed into the same VLAN in the Aruba System, but have different roles and firewall policies on the WLAN that determine what they can and cannot do....