In the archived documentation section of the security assist support page, there is a tutorial for user level authentication that talks about using the access groups manager. it was written for version 1, but the concept is the same.
The Access groups manager allows you to set a collection of values that can be used in an access rule.
For example, if I wanted to create a rule to allow access to Admin and Super admin users, I would need to create an access group containing the user level values for the admin and supper admin.
One common problem with the access groups manager is that it is possible to add an empty value to the group, make sure that the group you create does not contain an empty value.
the access groups manager needs to be used in conjunction with the security assist Authenticate user behavior on the login page.
open the login page and double click the Authenticate user behavior to edit it, on the session variables tab, you will need to click the plus button and select the Access level column so that it is stored in a session at log in.
In the access rules manager, you will use this session when creating the access rule:
Allow If:
For the value, click the lightning bolt icon and select the access level session
set the criteria to In Group
then select the group you wish to use