you need to edit the authenticate user behavior on the login page. go to the session tab to set the user level in a session variable.
then you create the access rules based on the user level session.
see the user Level Authentication tutorial in the archived documentation section of the security assist support page for more details:
securityassist/