If you are using the default "URL Filtering" rule from the Ruleset Library, you need to make a "Stop Ruleset" rule which matches your user list, and put this before any block actions. This list can either be created in the WebGateway as a list of usernames (so new users must be added on the web gateway), or it can be an AD/LDAP Group of users (if your authentication is resolving groups from AD or LDAP), or it can be an external list that the web gateway pulls from another system.
The basic rule is the first one which I have added below:
Basically: If the authenticated Username (mitchese) is in the list of "Allowed Users" (this list would then contain "jsmith, mitchese, testuser1"), then Stop the ruleset. In my case, stop ruleset will continue with the next rule of "Media Type Filtering".
A similar rule is required if you are using authentication with AD/LDAP groups, except the rule to be created will be if the "Authenticated.UserGroups" is "At least one in list", then a list of the AD Group names (So "Authenticated.Usergroups" contains all the groups of mitchese, like "Domain Users, internet-users, internet-powerusers" and the list of AD Group names would contain "Internet-PowerUsers" to allow anyone added in the AD Group InternetPowerUsers to skip this media type filtering.