[USB] Device node not being created after device was authorized

I work in an environment where management wants to block use of all USB devices except for those authorized. I have two possible solutions:

1. In a UDEV rules file, put rules for the devices we want to authorize. Everything else gets de-authorized: ATTR{authorized} = "0". The problem here is that we need to authorize access to some devices according to who is logged in. I have some complicated logic that detects the most recently logged in user that had a display, but it has holes in it that I'm not sure I want to work around.
2. In a rules file, block everything but the devices that everyone should have access to, like keyboards and mice. Everything else, the user has to run a script that writes a 1 to the device's authorized file, and only users with the appropriate permissions can do that. I like this solution better, but I've discovered that after the device gets authorized, UDEV doesn't automatically create a device node. For example, we have a USB DVD burner that we're trying to use this way. The script works to write 1 to the device's authorized file, but the burner should then be in /dev as /dev/sr0, which is never getting created.

Any thoughts? Either a way to detect who's plugged in the device, or a way to force UDEV to detect the device's authorization and create the appropriate device node? Thank you in advance for any help you can offer.