the headers already sent error means that there is html or other output to the page before calling the header function.
the restrict access behavior will use the header function to redirect to the login page if the restriction does not pass, if you have that in a part of the page after there is output, you will get the error you are describing.