Running BM3.9 with SP1a
Have Surfcontrol.

Have ticked Enable HTTP Proxy Authentication and SSO and users are
running clntrust.exe.

I can allow or deny rules via the source being Any, however if I try to
use the source as a username, group or context to deny or allow access to
a destination, it does not work.

For example the following rule will block all users from accessing google.

Action Source Access Destination
Deny Any URL

If I change the rule so that the source is a group, username or context
it does not block google?
Additionally the proxy log is not logging username, only source IP

Any help would be appreciated.