Have you set it up correctly in the management panel?
../index.php/rights or ../index.php?r=rights depending on the configuration.
There you create roles and permissions for each role. For instance the permission can be actions or controllers. If you assign Site.* to Authenticated then logged in users have access to all actions in the Site controller.