I think you are trying to handle a few things at once and it would be better to deal with these things one at a time.
To start with you will need to edit your users table in the db and add in the column, it sounds like you already have this worked out.
The next thing you are going to do is use the DataAssist Wizard to generate the administrative back end pages. You do not need to worry about securing them yet, you need to get them created and ensure they are functional first.
Once that part is all done you can then craft the front end pages of the site that the users will see.
The very last part of this will be to use the Security Assist wizard to generate the set of register, login, and update profile pages. Once you have used the Security Assist wizard to generate the pages you can then create your admin and user rules. Finally you would apply the appropriate restriction rule to the pages you want to restrict access to.
This is just a high level overview for how you should proceed. You should start at the top of this list and work your way down. In the end you should have the setup that you have described. Once all of this is done you can then think about the commerce aspect.