there are many ways to accopmlish this.. one easy way is to use DAP

ciscoasa# conf t
ciscoasa(config)# dynamic-access-policy-record BLOCK_USER
ciscoasa(config-dynamic-access-policy-record)# description "Block specific VPN user"
ciscoasa(config-dynamic-access-policy-record)# aaa-attribute username eq USERNAME_TO_BLOCK
ciscoasa(config-dynamic-access-policy-record)# action terminate
ciscoasa(config-dynamic-access-policy-record)# exit