your first scenario is just standard authentication.
your second scenario is user level authentication
see the following tutorial for details:
http://assets.webassist.com/solutionrecipes/securityassist_user_level_auth_sr.pdf
it was written for Security Assist 1, but the concept is the same in the current version.