The way that security assist works is:
The Login form collects the username and password. when submitted, it looks in the database to see if there is a record where the entered user name and password match. if a match is found, the ID of that record is saved to a session variable.
The default Logged into <Your Users table> access rule that security assist creates is set to allow access if the User ID Session variable created by the login page is not empty.
The only way for that session to not be emory is for the user to enter a valid username and password on the login form.
for each page that will be secured, you will need to add the security access rule to it. As new pages are created in the site, if they are to be secured, the access rule needs to be applied.
a page that you do not apply the access rule to can be accessed by any visitor to the site.
WE don't have tutorial on the basics of how security assist works, but you may find the security assist getting started guide helpful:
or the user level authentication tutorial: