For achieving your goal you have to install your clients in user mode.
In SEPM you can install clients in two policy modes- user mode and computer mode
Computer mode: SEP is installed on computer no matter who logs in
User mode: Installed to users the currently logged in user.
this is from page number 56 from installation guide
You can set up clients as users or computers, depending on how you want the policies to work. Clients that are set up as users are in user mode. Clients that are set up as computers are in computer mode. Clients that are set up as users are based on the name of the user who logs on to the network. Clients that are set up as computers are based on the computer that logs on to the network. You set up clients as users or computers by adding the users and computers to an existing group. After a user or a computer is added to a group, it assumes the policies that were assigned to the group.
The policies that are in force depend on the mode in which the client software runs:
Mode
Description
Computer mode
The client protects the computer with the same policies, regardless of which user is logged on to the computer. The policy follows the group that the computer is in. Computer mode is the default setting.
User mode
The policies change, depending on which user is logged on to the client. The policy follows the user.
If the client software runs in user mode, the client computer software gets the policies from the group of which the user is a member. If the client software runs in computer mode, the client gets the policies from the group of which the computer is a member.
After you add a computer, it defaults to computer mode. Computer mode always takes precedence over user mode. Users who log on to the computer are restricted to the policy that is applied to the group to which the computer belongs.
You have to create two groups .To the first group you have to attach user a and give policy which will allow usb access and to the second group attach user b and deny usb.