I dont see any rules that you have created for user level authentication.
There is an old tutorial for USer level authentication here:
http://assets.webassist.com/solutionrecipes/securityassist_user_level_auth_sr.pdf
is was created for security assist 1, but the concept is the same.