Accounts
People
A person entity is required to sign-in and use the DrawBridge web portal.
Additionally, Person records are associated with Companies, and, optionally, Accountability Policies.
View the Active People list by clicking Accounts, then People in the left menu bar. Click the Name of a Person in the list to view the Record for that person.
Person Record View
A Person record contains the following parameters:
| Parameter | About |
|---|---|
| Name | Display Name |
| Email address | |
| Mobile | (Optional) Mobile phone number |
| Canonical ID | The global unique identifier |
| Last Active | Timestamp of last sign-in activity; see Sessions informational tab, below |
Person Record header buttons:
-
Add a new Person record with the blue + Create Person button
-
Edit this Person record with the green pencil Update Person button
-
Delete this Person record with the red trashcan Delete Person button
-
Impersonate User (take on the identity and permissions of this user in the DrawBridge; used for troubleshooting)
-
Merge Person records with the blue picture-frame "Merge other Person records into this one" button
-
Hamburger menu:
- Set Console Password: set a DrawBridge Console password for this Person
- Create Tabula account: see Additional Services: Tabula for more information
- Add Group Membership: add this Remote Device User to a Console Permission Group (see Informational Tabs: Permissions, below)
- View Realtime Log Lines: jump to the Realtime Log Viewer, with the data view limited to this device
- Today's Log Lines: jump to the the Reports module with the device pre-selected in data views
- Record Activity Stream: view the changelog for this Device record
-
Bookmark this record with the ribbon Bookmark button
-
Sync Menu (chain-link icon)
-
Sync Mode (default is
2 Way - Push / Pull from Server); click record sync information - Push to Sync Publisher: initiate a record update push from this DrawBridge to the Sync Server
- Pull from Sync Publisher: initiate a record update pull to this DrawBridge from the Sync Server
- Mark to Resync: flag this record in the background to be included in the next sync run
-
Sync Mode (default is
Informational Tabs
Data associated with this Person:
-
Bookmarks: List view of any console shortcuts
- Add a bookmark by clicking the Ribbon button on any record in the Console
- Delete a bookmark with the red trashcan Delete button on the relevant Bookmark line here
-
Companies: List view of any associated Company relationships
- Add a Company relationship with the
Add Company Staff Relationshipbutton - Edit a Company relationship with the green pencil Update button on the relevent line
- Delete a Company relationship with the red trashcan Delete button on the relevant line
- View Company Relationship history log with the blue Record Activity Stream button on the relevant line
- Add a Company relationship with the
-
Policies: List view of any associated Accountability Policy relationships
- Add an Accountability Policy relationship with the
Add Accountability Policy Relationshipbutton - Edit an Accountability Policy relationship with the green pencil Update button on the relevent line
- Delete an Accountability Policy relationship with the red trashcan Delete button on the relevant line
- View an Accountability Policy relationship history log with the blue Record Activity Stream button on the relevant line
- Add an Accountability Policy relationship with the
-
Devices: List view of any associated Devices
- Add a Remote Device relationship with the
Add Remote Devicebutton - Edit a Remote Device relationship with the green pencil Update button on the relavant line
- Delete a Remote Device relationship with the red trashcan Delete button on the relevant line
- View a Remote Deice relationship history log with the blue Record Activity Stream button on the relevant line
- Add a Remote Device relationship with the
-
Permissions: List view of any associated Permission Groups and Proxy User Groups
- Add a Permission Group membership relationship with the
Add Permissionbutton - Add a Proxy User Group membership relationship with the
Add to Proxy Users Groupbutton - Edit a Group relationship with the green pencil Update button on the relevant line
- Delete a Group relationship with the red trashcan Delete button on the relevant line
- View a Group relationship history log with the blue Record Activity Stream button on the relevant line
- Add a Permission Group membership relationship with the
-
Sessions: List view of all active/signed-in Console sessions this User has on this DrawBridge. Fields:
- Last Updated: timestamp of last activity
- IP: IP Address of last activity
- Client: the User-Agent reported by the last activity
Unrelated People
Inactive Relationships
This is a list of Person - Company or Person - Accountability Policy Relationships that have been set to Inactive. This list should generally be empty.
Companies
A Company record is essential to using the DrawBridge: all People records and Device records must be associated with a Company record (or an Accountability Policy) to enable full use of their functionality.
If your Company is the only company present on your DrawBridge, clicking on Accounts: Companies will jump directly to your Company record view.
If more than one Company is present on a DrawBridge, and your sign-in credentials are part of a System Owner permissions group or higher, a list view of the Company records will be displayed when Companies is clicked in the left menu bar. Click the Name of the company to view the Company Record. See Essential Concepts: Record Model - Tenancy and Hierarchy for further information about multi-tenancy.
The Company record view is your headquarters for viewing important data on your account, and also for jumping to other places in the DrawBridge to make configuration changes for your Company.
Record View
Name of Company
| Parameter | About |
|---|---|
| Status | This record is Active / Inactive |
| Main | Yes/No: indicates whether this Company record is designated as the Main Company for this DrawBridge. |
| Log Server Account | Optional: Account number on the Log Server; see Reports: Log Processing for more information |
| Canonical ID | The globally-unique identifier for this record |
Link: Log Batches -- jumps you to the list of Log Batches configured for this Company. See Reports: Log Processing for more information. Link: Sync Settings -- jumps you to the Appliance Companies record. See System: Configuration: Appliance Companies for more information.
Company Record header buttons:
- Add a new Company record with the blue + Add Company button
- Edit this Company record with the green pencil Update Company button
- Delete this Company record with the red trashcan Delete Company button
- Hamburger menu:
- Today's Log Lines: jump to Reports: Browse by Loglines -- view web activity access logged today
- Report History: jump to Report Archives
- Record Activity Stream: view the changelog for this record
- Bookmark this page with the ribbon Bookmark button
- Sync Menu (chain-link icon)
- Sync Mode (default is
2 Way - Push / Pull from Server); click record sync information - Push to Sync Publisher: initiate a record update push from this DrawBridge to the Sync Server
- Pull from Sync Publisher: initiate a record update pull to this DrawBridge from the Sync Server
- Mark to Resync: flag this record in the background to be included in the next sync run
- Sync Mode (default is
Informational Tabs
Local Devices
List of Local Device records on this DrawBridge. See Devices: Local Devices for more information.
Create a new Local Device record with the New Local Device button.
Manipulate existing Local Device records in the list view by clicking the desired button on the relevant line:
- Edit a record with the green pencil Update Record button
- Delete a record with the red trashcan Delete button
- View the record changelog with the blue Record Activity Stream button
Remote Devices
List of Remote Devices records on this DrawBridge. See Devices: Remote Devices for more information.
Create a new Remote Device record with the New Local Device button.
Manipulate existing Remote Device records in the list view by clicking the desired button on the relevant line:
- Edit a record with the green pencil Update Record button
- Delete a record with the red trashcan Delete Record button
- View the record changelog with the blue Record Activity Stream button
Contacts
List of Person records with a Relationship to the Company. See Accounts: People for more information.
Add a new Person--Company relationship with the Add Company Staff Relationship button.
Manipulate existing Relationship records in the list view by clicking the desired button on the relevant line:
- Edit a record with the green pencil Update Record button
- Delete a record with the red trashcan Delete Record button
- View the record changelog with the blue Record Activity Stream button
Reports
List of configured Reports associated with this Company. See Reports: Scheduled Reports for more information.
Add a Report with the Schedule New Report button.
Manipulate existing Scheduled Report records in the list view by clicking the desired button on the relevant line:
- Edit a record with the green pencil Update Record button
- Delete a record with the red trashcan Delete Record button
- View the record changelog with the blue Record Activity Stream button
Appliances
Displays the Appliance record associated with this Company. See System: Configuration: Appliance Companies for more information.
Dashboard buttons
Access Policies -- Access Policy Dashboard
Jump to the Access Policy Dashboard for this Company, which displays all the Access Policies which apply to the devices of this Company. See Content Filter: Web Page Access for more information.
Activity Viewers -- Loglines & Reports
Jump to Report Activity Viewers. See Reports: Activitity Viewers for more information.
Preferences -- Preferences Dashboard
Jump to any Preferences associated with this Company. See Essential Concepts: Preferences for more information.
Accountability Policy -- ("Policy Name" or "None")
Jump to associated Accountability Policy (if applicable).
If this Company is a Member of an Accountability Policy, the name will be displayed. If the Company is not a Member of any Accountability Policy, it will display "None". See Essential Concepts: Accountability and Accounts: Accountability Policies for more information.
Inactive Companies
Inactive Companies are Company Records which have had the Status changed from Active to Inactive.
Accountability Policies
As noted on the Accountability page under the Essential Concepts chapter:
The DrawBridge supports an Accountability model to facilitate voluntary, centrally-administered, information sharing and content filter configuration of Member Companies by specified administrators in a community context.
An Accountability Policy consists of the Accountability Policy name and contains Member Companies.
Also, an Accountability Policy contains Preferences (specific controls over member companies) and configures Report Presets (default report settings and recipients) for member companies.
Record view
Link: Assigned Companies -- list view of Companies associated with this Accountability Policy
| Parameter | Setting or Data | About |
|---|---|---|
| Parent | <Policy Name> |
The higher-on-the-heirarchy Policy, where applicable |
| Include Parent Contacts | Yes / No |
Include Parent-policy Contacts by default in this policy, where applicable (see Parent, above) |
| Role | Reviewer / Administrative |
The default scope of control associated Contacts have over member companies. See Essential Concepts for more info |
| Appstore | Company Owner / Accountability Contact / Accountabilty or Filter Admin |
The minimum permission level Preference assigned to the Policy permitted to open the App Store |
| Send Logs | Yes / No |
Send member-company traffic web usage data to the Log Server specified in Reports / Log Processing / Log Servers. |
| Canonical ID | <auto-assigned hash value> |
The globally-unique identifer for this record. |
Accountability Policy Record header buttons:
- Add a new Accountability Policy record with the blue + Create Accountability Policy button
- Edit this Accountability Policy record with the green pencil Update Accountability Policy button
- Delete this Accountability Policy record with the red trashcan Delete Accountabilty Policy button
- View the changelog for this Accountability Policy with the blue Record Activity Stream button
- Bookmark this page with the ribbon Bookmark button
- Sync Menu
- Create on Sync Publisher (push this record to the Sync Server)
Informational Tabs
-
Contacts: List view of Contacts associated to this Policy
- Add an Accountability Contact association with the
Add Accountability Policy Relationshipbutton - Edit the Relationship and Report Delivery options for that Contact with the green pencil Update button on the specific contact line in the list view
- Remove an Accountability Contact with the red trashcan Delete button on the specific contact line in the list view
- View the changelog for a particular Contact--Accountability Policy association with the View Record Activity Stream button on the specific contact line in the list view
- Add an Accountability Contact association with the
-
Report Presets: List view of Reports associated with this Policy (these Reports automatically apply to all Member Companies).
- Add a Report Preset with the
New Report Presetbutton. - Remove a Report Preset association by visiting the record page for that Report Preset and editing the Policy association there.
- Add a Report Preset with the
-
Policy Groups: List view of Access Policy Groups associated with this Policy (these Access Policies are made available for all Member Companies to join).
- Add an Access Policy relationship with the
New Access Policy Groupbutton. - Remove an Access Policy relationship by visiting the record page for the Access Policy and editing the Policy association there.
- Add an Access Policy relationship with the
Dashboard Buttons
Preferences Dashboard
Preferences configured on an Accountability Policy level override any Preferences specified on Member Companies. See Essential Concepts: Preferences for more information.
Accountability Contacts
List view of Person - Accountability Contact relationships.
Record View
An Accountability Contact Record has the following information:
| Parameter | About |
|---|---|
| Name | Name of the associated Person record |
| Email of the associated Person record | |
| Policy | Name of the associated Accountability Policy record |
| Canonical ID | Globally-unique identifier of this Person - Accountability Contact relationship |
| Contact CID | Globally-unique identifier of the associated Person record |
| Last Active | Timestamp of the last recorded login |
Accountability Contact Record header buttons:
- Add a new Accountability Contact record with the blue + button
- Edit this Accountability Contact record with the green pencil Update Record button
- Delete this Accountability Contact record with the red trashcan Delete Record button
- Hamburger menu:
- Update Personal Details (edit the details on the associated Person record)
- Set Console Password
- Add Group Membership
- Impersonate User (take on the identity and permissions of this user in the DrawBridge; used for troubleshooting)
- Bookmark this page with the ribbon Bookmark button
- Sync Menu (chain-link icon)
- Sync Mode (default is
2 Way - Push / Pull from Server); click record sync information - Push to Sync Publisher: initiate a record update push from this DrawBridge to the Sync Server
- Pull from Sync Publisher: initiate a record update pull to this DrawBridge from the Sync Server
- Mark to Resync: flag this record in the background to be included in the next sync run
- Sync Mode (default is
Informational tabs
-
Companies: List view of the associated Companies
- Add a Company relationship with the
Add Company Staff Relationshipbutton - Edit a Company relationship with the green pencil Update button on the specific company line in the list view
- Remove a Company relationship with the red trashcan Delete button on the specific company line in the list view
- View the changelog for a particular Company association with the View Record Activity Stream button on the specific company line in the list view
- Add a Company relationship with the
-
Policies: List view of associated Accountability Policies
- Add an Accountability Policy relationship with the
Add Accountability Policy Relationshipbutton - Edit an Accountability Policy relationship with the green pencil Update button on the specific Accountability Policy line in the list view
- Remove an Accountability Policy relationship with the red trashcan Delete button on the specific Accountability Policy line in the list view
- View the changelog for a particular Accountability Policy association with the View Record Activity Stream button on the specific accountability policy line in the list view
- Add an Accountability Policy relationship with the
-
Permissions: List view of Permission Group membership
- Add Permission Group membership with the
Add Permissionbutton - Add to a Proxy User Group with the
Add to Proxy Users Groupbutton - Remove a Permission Group membership with the red trashcan Delete Record button on the specific Permission Group line
- View the changelog for a particular Permission Group Membership with the View Record Activity Stream button
- Add Permission Group membership with the
Groups
Permission Groups
The DrawBridge console uses the model of Permission Groups: a Person record can be a member of a particular Permission Group, and thus gain the abilities allowed by that Permission Group.
For more information, see Essential Concepts: Permissions and Relationships.
People Groups
Proxy User Groups
A Proxy User Group is a group of People (similar to Device Groups being groups of Devices).
People in the Proxy User Group are users on the local network which are authenticated to the DrawBridge via the DrawBridge Agent software installed on the endpoint.
A Proxy User Group can have two origins:
- Created either by manually adding People records to a "standalone" Proxy User Group, or,
- An existing
Directory Groupdesignated as a Proxy User Group.
Create a standalone Proxy User Group by clicking the + button in the upper right corner of the list view. Give the group a name, specify the minimum permissions required to add People to the group, select any Parent Group if applicable, and ensure that Proxy Users is toggled to Yes.
Note that the list view in Proxy User Groups displays both "standalone" Proxy User Groups, as well as all Directory Groups that have been specified as a Proxy User Group; see below.
Directory Groups
A Directory Group is a group of People that has been synchronized from another server, for example, an Active Directory server.
A Directory Group can be designated a Proxy User Group by Editing the Directory Group record and toggling the Proxy Users setting to Yes.
The advantage of designating a particular Directory Group as a Proxy Users Group is that the (Person) members of that group can be managed on the AD Server; no ongoing people membership maintenance is needed in the DrawBridge.
Changes in Directory Group membership made on the AD server are automatically synchronized via the regular AD--DrawBridge sync job.
Implementation Concept Diagram
This diagram illustrates how People Groups can be assigned to an Access Policy via association with a Device Group.
See How To Guides: Assign a Proxy User Group to an Access Policy for further instructions.
Authentication Integration
The DrawBridge supports connection to an external user database for User and Group synchronization using the following database types:
- Active Directory
- OpenLDAP
Purpose
These features are intended to be used in conjunction with the DrawBridge Agent software (Windows computers only) to link the actual User signed-in on a Local Device to a specific Access Policy.
See Accounts: Groups for further information on People Groups.
See Content Filter: Web Page Access for further information on configuring Access Policies.
See How To Guides: Assign a Proxy User Group to an Access Policy for further implementation details.
Technical specifics
The DrawBridge connects to external user databases either using plain-text LDAP communication on port 389, or using TLS (LDAPS) on port 636.
A scheduled job perfomrs a background sychnronization with the database server four times a day.
A username and password to access the user database must be provided to the DrawBridge. The only permissions that are needed for the user are read access to the user and group information on the server.
Security Notes:
- The security-by-least-privilege principle dictates that the credentials provided to the DrawBridge to access the user database should not have any permissions beyond read-only access.
- When using LDAPS: The DrawBridge accepts any certificate presented by the server -- it does not perform verification/validity checks.
Record View
Both Active Directory and OpenLDAP server records have the following parameters:
| Parameter | About |
|---|---|
| Name | User-assigned display name of the server |
| Host | Address of the server, eg. 192.168.250.66:636 (Active Directory) or ldap://127.0.0.1:636 (OpenLDAP) |
| Server Type | Active Directory or OpenLDAP |
| Username Format | Active Directory or OpenLDAP |
| Status | This record is Active or Inactive |
| Search Base | Examples: dc=local or ou=Accounts,dc=eastwoodtc,dc=lan |
| User Object Class | Examples: person (Active Directory) or exinetOrgPerson (OpenLDAP) |
| Group Object Class | Examples: group (Active Directory) or posixGroup (OpenLDAP) |
| Device Object Class | Example: computer (Active Directory) |
- Edit the Directory Server settings with the green pencil Update Directory Server button
- Delete the Directory Server record with the red trashcan Delete Directory Server button
- Hamburger menu:
- Verify Connection settings: test the provided authentication credentials. An alert will display the results of this test within seconds.
- Sync Directory Servers: trigger a manual sync job to run immediately. (Note: this routine does not provide any status information.)
- Bookmark this page with the ribbon Bookmark button
Informational Tabs
Field Maps
Map DrawBridge database fields to the directory server fields. Add a new relationship with the Add Field Relationship button.
Remove a field relationship with the red trashcan Delete button on the relevant line.
Example configuration (Active Directory)
Note: Your environment may be different.
| Console Field | Directory Field |
|---|---|
| first_name | givenName |
| last_name | sn |
| username | cn |
| cid | objectGUID |
| userPrincipalName |
Company Maps (Active Directory only)
Assign a Directory Group to a DrawBridge Company with the Add Group to Company Map button.
Remove a Directory Group to DrawBridge Company relationship with the red trashcan Delete button on the relevant line.