Security Assist - help with access rules

I'm trying to manage access to pages by user level.

The site will allow people to log in to various pages, but only a subset of all users will be able to add new tour itineraries to the site.

I have my table of users, with a column for User_Level - currently 1, 2, and 3.

I have it all working so that anyone can log in.

But am going wrong in restricting some pages to users with a User_Level of 3.

I have attached the page I am testing, along with a screen shot of the Access Rules Manager dialogue box. The first condition is for people logged in, and I have added a second condition to only grant access to the page when the User_Level session variable = 3.

Which I thought was it, but I'm missing something, as it isn't working yet.

Thanks.

Actually, I was going through some of the archived documentation for SA, and noticed that in the example there, the rule only had the second condition, without the original one to be logged in. I tried taking that out in my example, and it looks like its working now.

Does that sound about right?

One other question on this - if I have one set of pages that are restricted to one group, and another set of pages restricted to a second group, what would the rule be to allow a third group access to both sets of pages?

EDIT - think I've got that now. I would use the Groups?

So I would have three user levels:

1. Administrators
2. Tour Operators
3. Lodge Owners

And add two new groups:

1. Administrators and Tour Operators
2. Administrators and Lodge Owners

And the In Group as my criteria in two rules based on those groups.

yes, thats correct.

to allow access to Admins and Tour Operators, Create a group with the values of 1,2 and use the InGroup condition.

to allow access to Admins and Lodge Owners, the group values would be 1,3 and use the InGroup condition.