If you have access to this page, this means you have enabled authentication and authorization in the quickstart to create your project.
The paster command will have created a few specific controllers for you. But before you go to play with those controllers you'll need to make sure your application has been properly bootstapped. This is dead easy, here is how to do this:
paster setup-app development.iniinside your application's folder and you'll get a database setup (using the preferences you have set in your development.ini file). This database will also have been prepopulated with some default logins/passwords so that you can test the secured controllers and methods.
To change the comportement of this setup-app command you just need to edit the websetup.py file.
Now try to visiting the manage_permission_only URL. You will be challenged with a login/password form.
Only managers are authorized to visit this method. You will need to log-in using:
login: manager
password: managepass
Another protected resource is editor_user_only. This one is protected by a different set of permissions. You will need to be editor with a password of editpass to be able to access it.
The last kind of protected resource in this quickstarted app is a full so called secure controller. This controller is protected globally. Instead of having a @require decorator on each method, we have set an allow_only attribute at the class level. All the methods in this controller will require the same level of access. You need to be manager to access secc or secc/some_where.