Traffic throttling on ASA only if at bandwidth limit

cawst
Level 1

We have a 20Mb internet connection.  I would like to implement something on my ASA 5505 that limits users' bandwidth (only from the outside interface to the inside), but only if the overall usage is nearing 20Mb.  So if there's only one person on the network, they can download giant files at whatever crazy speeds, but if there are 10 people and we're getting near the limit, it would throttle those connections down so that one download doesn't choke out other users.  I'm not necessarily talking different types of traffic (i.e. voice packets vs others, etc...), because a lot of the traffic could all be just regular http, for example.  I just want to ensure everyone has *some* connection at the most congested times, without limiting anyone when it's not congested.  Is this possible?  I've had trouble tracking down guidance on this particular setup.

Thanks!


Philip D'Ath
VIP Alumni

You can't do this.

Is there any other way to possibly achieve anything like this?  It seems a relatively likely thing to want to do.  I know I've worked on storage devices that have a similar idea (you have a quota, but it's only enforced if the storage device starts to get too full, etc...), and this seemed an even more useful and easy application of the concept.

Ideally, it would be something along the lines of people get the amount of bandwidth divided by number of connections, or something like that.  Is it maybe possible to do it at the switch (stacked Catalyst 2960x), but just apply it to the connection out to the ASA?  Or any other devices that might let us do something like this?

We have a lot of issues with machines bandwidth hogging and strangling other people's connections, but we also have a highly variable number of people in the office at any given time and it doesn't seem good to limit someone for no reason if the bandwidth is available.

Cisco IOS/IOS-XE routers (and Cisco Meraki MX security appliances) can do this, but not the ASAs.  The ASA can enforce a hard policed limit on a type of traffic - but not divide it up amongst users.

Interesting.  Okay, we have a 2921 ISR that we're actually not using at the moment.  So the ASA 5505 can't do that, and the Catalyst 2960s can't do that, but presumably if we put the 2921 in between we could implement it there?

Correct.

You would find it much simpler using a Cisco Meraki MX though.
https://meraki.cisco.com/products/appliances

This is the bit that most applies to your needs:
https://documentation.meraki.com/MX-Z/Firewall_and_Traffic_Shaping/Traffic_Shaping_Settings

Thanks!  I work at a charity, so for now I have to do the best with what we've received.  In future, though, I'll keep this in mind if we get the chance to change equipment.

If you speak to your Cisco partner you may be able to get Charity pricing.  There are also schemes like this one where partners can nominate charities to get free kit.

https://meraki.cisco.com/blog/terms-conditions-meraki-giving/

That's essentially how we got the current equipment (through a Cisco charitable program), and since we just got it recently, I'd hesitate to ask for more right away unless something wasn't working.  But I'll put out some feelers.  :-)
