you identify a particular user by the UserID session value. you would need to know the ID for the particular user name and password, then use security assist to create an access rule to allow if the UserID session value is equal to that particular users ID value.
you can then apply the security assist restrict access behavior using this new rule to the pages for that one user.