** When adding additional 'Site User Admins' other than the primary user, these users must have at the very least READ access to the root directory of the site.
** If the page that you are trying to access with the new user is trying to access includes or images that are located outside of the password protected directory you will not be authorized.
Grant access to the specific users to the other locations or give the user file permissions from the top/root level down.
If you are still unable to login to this newly password protected directory, it may be because when executing the ASP, ASP.NET or Cold Fusion page, the script looks for the global.asa, web.config, or application.cfm file in the root of the site and because the user you logged in as only has access to the subdirectory you will not be able to access this page.
If this is the case, try creating an application starting point
on the subdirectory. This will force the script to look in this same directory for the files. You may need to copy the global.asa, web.config, or application.cfm into the subfolder.
** This method has changed from mid 2004 by a Windows Security update where the EVERYONE user group used to get permissions removed. This is no longer the correct way to implement password protection.