DDD and user stories

A while back, I sat down and wrote out the uesr stories for my application. While I am still working on my old-school style version, I am also still toying with a DDD version. My hope has been that somewhere between the two, I’d see some correlations and understand DDD better. As it is, I still have doubts and questions on it. To better assist you in your comments to this post, I’ll use an actual example story, and my thoughts surrounding it. I would ask that anybody who uses DDD in day-to-day practice to please respond with any tips, or insight, that might prove usefull to me.

The story:

A user whose group has specific permission to do so, may add additional categories to the system.

My thoughts:

This tells me that each use may belong to a single group, that group must have a property that allows the addition of categories (CanAddCategories for example). This also means the user entity should expose a method similar to user.AddCategory(Category category) and this is where the problem arises.

The category and user tables have no associations (at least not directly). It is illogical to have the user entity maintain a private ISet of category entities. Nor is it good practice to have that method use IoC to grab an instance of a repository just to complete the transaction. Entities should enfore business rules only, not facilitate persistence.

As category is an aggregate root (category->forum->thread->post) there is no object higher in which to place an adjusted method similar to AddCategory(User user, Category category), nor any that maintain a set of categories in the first place.

Suggestions?