"time-range" operator in dACL

rezaalikhani
Spotlight

Hi all,

After searching the ISE admin portal, I did not find any useful content that clarifies the usage of the "time-range" operator in a dACL. Although ISE actually supports this operator, how can I use it? Does it require the existence of a "time-range" configuration on the NAD, or does ISE support defining it somewhere?

Thanks

4 Replies

Why do you want a time range in a dACL?

MHM

Make ISE push the dACL name only,

and configure the time-range ACL on the NAD.

MHM 

davidgfriedman
Level 1

Quasi-relevant $0.02: In a previous position, I once tried lab-testing time-range ACLs on an ASA 5510 for the purpose of disabling customer Wi-Fi after hours. Back then, when paying $$ per GB, why have public Wi-Fi leeches when you're closed? I doubt that type of problem exists these days, with corporate plans usually being straight priced for bandwidth on monthly connection rates / contracts.

Nowadays the case might be made to prevent illegal activity on public Wi-Fi when you're closed, as I'd think there would be people who might do such a thing in this day and age to mask their activities. Or what if you're open only 9-5, you're in an office building, and people whose offices work longer hours leech off your guest Wi-Fi network all night?

Food for thought (exercises),
David

I don't believe dACLs on IOS would support time-range, but I have never tried it through ISE. Based on the 9800 WLC documentation below, dACLs only support IPs, ports, protocols, and the action. I would expect the same on the switches.

Downloadable ACL (cisco.com)

From the ISE perspective, whatever you configure in the downloadable ACL section is going to be pushed via RADIUS to the NAD, and the NAD will write it locally; this is why we use exactly the same syntax on ISE.

Time-range ACLs require the time-range object to be defined before it can be referenced in the ACL. From the ISE point of view, there is no place where you can configure this, as far as I'm aware. What you can try to do would be to create the time range locally on the NAD and then reference it from ISE when you create the dACL, and see if that works.

The concept behind the dACLs is to apply the enforcement based on the identity connected to the network and that enforcement will last for the whole lifecycle of that session. However, if you want to apply an enforcement that will affect the whole subnet/VLAN for the traffic passing through the firewall such as the internet traffic then you can apply this enforcement on the firewall rather than the dACLs.
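The approach both replies converge on (MHM's "push the ACL name only, configure the time-range ACL on the NAD" and the point above that the time-range object must exist before an ACL can reference it), written out as an added example. This is not configuration from the thread or from any Cisco document: it assumes an IOS/IOS-XE switch as the NAD, and the names BUSINESS-HOURS and GUEST-HOURS-ACL are placeholders chosen here. The variant the post suggests testing (referencing the time-range keyword inside the dACL content itself) is not shown, since the thread does not confirm it works.

```text
! Added example: NAD-side configuration (IOS/IOS-XE syntax assumed).
! BUSINESS-HOURS and GUEST-HOURS-ACL are placeholder names, not from the thread.
!
! 1. The time-range object has to exist before any ACL entry references it.
time-range BUSINESS-HOURS
 periodic weekdays 9:00 to 17:00
!
! 2. Local named ACL on the NAD: guest traffic is permitted only while the
!    time range is active; everything outside it is denied and logged so
!    after-hours use of the guest network shows up in syslog.
ip access-list extended GUEST-HOURS-ACL
 permit ip any any time-range BUSINESS-HOURS
 deny   ip any any log
!
! 3. On ISE, the authorization profile for the guest identity sends only the
!    ACL name (for example via the RADIUS Filter-Id attribute; the exact
!    attribute and value format depend on the NAD platform and are assumed
!    here). The switch binds GUEST-HOURS-ACL to the session and evaluates
!    the time range locally for the lifetime of that session.
!
! 4. Verification on the NAD:
! show time-range BUSINESS-HOURS     (confirms whether the range is "active" or "inactive" right now)
! show access-lists GUEST-HOURS-ACL  (hit counters on the permit/deny entries)
! show clock                         (the time range is evaluated against this clock)
```

One caveat worth checking before relying on this: a time-range ACL is only as correct as the NAD's clock, so the switch should be synchronized via NTP and have the right timezone configured; otherwise the "business hours" window silently shifts and the after-hours deny either fires during the day or not at all.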