you would use User Level Authentication.
in your users table, create a user group column.
you can define multiple user groups for accessing contacts or other areas of the site.
on the login page, edit the authenticate user server behavior, on the session variables tab, add the User Level column so it is stred as a session.
this will allow you to store the Users ID and User level when they log in.
you can then create access rules based on the user level, so that nly contact User level users can access the contact page.
in the contacts page, set the recordset to use the UserID session variable to filter only contacts that belong to that user.
here is an older tutorial on user level authentication:
it was written for Security assist 1, but the concepts still apply.