Question 1:
One of my clients requires his users to only access a number of authorized sites, is that possible.
With a regular Linux distro I used Squid Guard http://www.squidguard.org/ and based on your username
you could access all sites or only a selected number of sites.
Question 2:
If you have an open proxy, can I run something like SARG (squid analysis report generator) http://sarg.sourceforge.net/
too see what sites my users have been acccessing
I suggest you to use web-proxy test package. You need to uninstall web-proxy package before you install web-proxy test package.
Question 1:
This is link from manual for web-proxy package access list:
http://www.mikrotik.com/docs/ros/2.9/ip/webproxy.content#7.53.3
There is example for web-proxy test package access list:
/ ip proxy access
add path=:unipeak.com action=deny comment="Anonymous Proxy " disabled=no
add dst-host=:unipeak.com action=deny comment="Anonymous Proxy " disabled=no
Question 2:
There is no statistic but you can send all web-proxy logs to remote computer.
In web-proxy test you can see current connections.
( / ip proxy connections )