What you're dealing with is the authenticate / authorize sequence.
Authenticate covers topics such as login / password / session access to the site. Authorize covers role-based (or other) access within the site.
Google either for gems / plugins / discussions.