Here’s a good tutorial to get started with authentication, authorization:
To disallow someone from viewing a certain action you can can check the accessRules() function (If you can a CRUD generator controller)
array('allow', // allow authenticated user to perform 'create' and 'update' actions
'actions'=>array('create','update', 'view'),
'users'=>array('@'),
),
‘users’ = array(’@’) means only authenticated users and in the actions array i have specified the ‘view’ action which will only be available to the logged in users (in your case).
Learn more about it from the tutorial link, its best to learn the basics and do it than to waste time figuring out