Applying different group filtering to the same device based on who is logged on

The situation:

I have my laptop being used by either me, my wife or my son (7 years old).
The laptop has 3 network connections WiFi, LAN and docking station, the laptop can use one or more of these at any one time.

The desired outcome:

I would like to have a different group association based on who is logged on to the laptop.
Namely, if my son logs on to only allow certain websites and if me or my wife logs on, to have unrestricted access.
(Would also like to have this in more granular setup, my son to be able to only browse certain websites at any time of the day, but to have a 30 minute window during which I allow him some additional websites)

Things I played with:

  1. Initially I started playing with a PowerShell logon script for each user, to change the MAC Address of the laptops network cards to certain values, based on who is logged in.
    This didn't worked as I expected because the Intel WiFi adapters don't really like changing their MAC Addresses and even when I managed to get it changed, it was a miss and hit mostly.
  2. The other route I went down was to have a different pihole just for my son, because I am running pihole in a docker, it was easy to turn on a secondary pihole with another IP address and disabled DHCP server on this.
    The logon script in this case leaves the IP address of the laptop on DHCP and just changes the DNS Servers IP address on the laptop.
    The issue I found is that I (so far) didn't found a way to change which is the default group on the pihole.
    What I would like in this case is to have all devices using this specific pihole using a "LearningWebsitesOnly" group between certain times (or all the times)

Last idea

To have a logon script which would "tell" the raspberry pi who is currently logged on on the laptop (listing it's mac Addresses).
And have a cron job on the raspberry pi, which would change/update the pihole group associations in gravity.db sql database every minute


Is there a better way for what I am trying to achieve?

This is out of scope for Pi-hole:
DNS protocols do not carry any user information.
The single identifying information directly observable in a DNS request is the source IP.

The only DNS-compatible approach would thus be that your laptop's OS would use a different IP address based on the user login.

You'd have to experiment and find out whether that would be possible with your chosen OS at all.