Separate permissions for wpad
Users can be required to actually use a different proxy than the one from which they download the PAC file - e.g. for users that are travelling.
Having an easy permission model like for Web filtering and FTP would be useful to allow users to download the PAC from a preconfigured proxy. This PAC evaluates the soure IP and sends the actual web traffic to a closer proxy server.
you may want to expand on your idea a bit. I'm not sure it's clear exactly what feature you're asking for.
Wpad files are supported, and can be hosted on the UTM. They can even be synchronized across multiple UTMs with ACC, but it is up to the wpad script creator to create the script, and decide what users are routed where.
It's unclear to me where permissions would come into what you are asking. can you elaborate?