IF you are using different user-roles for each SSID then You could create an ACL natting traffic to a certain IP address
ip nat pool VLAN20 192.168.100.1 192.168.100.1
ip nat pool VLAN10 192.168.150.1 192.168.150.1
!
ip access-list session NAT-VLAN10-ACL
any any any src-nat pool VLAN10
!
ip access-list session NAT-VLAN20-ACL
any any any src-nat pool VLAN20
!
user-role A
access-list session NAT-VLAN20-ACL
!
user-role B
access-list session NAT-VLAN10-ACL