The first thing to do is to create session values for each upon user authentication.
Then go into your rules manager and create a new rule. Then in your new rule, use the dialogue box to compare the value in the session to your entered value to make sure the user has the correct credentials.
The rules access manager has a "+" button that will allow you to add as many conditions as you like.
Cheers,
Brian