Moved to Web Gateway for better handling.
is authentication already set up and working?
If so put a single rule in front of the category blacklist which says "Authentication.Username is in list <Allowed Users> Then Stop Rule Set". Put the allowed users into the "Allowed Users" list.
Now the block rule will not be executed for the users added to the list.