One thing you might explore here is using the developer API, alongside decoupled resources. With the API you can create individual resources for each user with their credentials and then, using decoupled resources, dynamically set the resources for your queries so that they're only using their personal resource.
With that, it might also be helpful to add an org-level JavaScript object that maps users to their respective resources, so that it's easier to dynamically set the resource appropriately.
Let me know if any of that sounds interesting or raises any questions! Happy to turn on decoupled resources for you as well if you'd like 