The way you are applying the rules is correct, however, you should not use a recordset reference when creating the rule.
on the login page, double click the Authenticate user server behavior. On the Third tab, you can select columns from the users Table to store in session variables, Select the status column to have the status for that user stored to a session variable when they log in. In your rule, use the session variable instead of the recordset.