This is something I want as well!
At the moment for the Cloud Only UI cannot support exactly what you're describing (URL based exceptions for groups). The URL exceptions apply to the protection area (i.e. Web Category Filter).
Something that may work would be to allow the category for the group (under Web Category Filter), then allow the Youtube Application for the group (under Access Protection). Using the application based approach also eliminates the need for you having to maintain a list of URLs for Youtube.
I also forwarded this thread to our UX team. The ePO Cloud "Feedback" option actually goes directly to them. If you find any other gaps in policy creation, please do feel free to use the Feedback option as well.
I spoke a little too soon, this (group based url whitelists) is currently apart of the policy in the beta environment -- so this should going live pretty soon.
Thanks Jon for your responses. Any idea when this system in the beta environment will be going live?
It was added over the weekend.
I can now see you can now block certain groups and that "allow" is the catch all and primary action (previously when you created a new rule using a URL list, you could not block a certain group). However, this does not solve my problem, it's close but not what I'm looking for. I'm looking to have the rule default to block and only allow certain groups, not the other way around. For other rules, you can move the "Block" action to the bottom to make it the catch all (primary) and then force it to allow only for the groups you specify. However, when you create a new rule using URL Lists, the "Move Down" and "Move Up" action is greyed out (see screenshot) and I cannot change the primary action of the rule I would like to create. You can change the primary action of the rule if you create a new rule using "Web Categories" as the "Move Up" and "Move Down" action are not greyed out.