How to enable ino:security's function?

Hi, all:
I have installed Tamino-2.3.1 on Win2000 with
IIS WEB server. I have written a ASP-server Script
to Insert a XMLDocument successfully. As I know,
the security policy for Tamino are:
1. Authentication by WEB server
2. Authorization by Tamino
I have added a user account “badman” in Win2000,
and I setup the IIS to do the user authentication.
My database information is as follows:
DatabaseName: pure
Collection: sailing(Schema: yacht Doctype)
user: badman (belongs to group Deny-Group
group: Deny-Group(member:user, ACL: Deny-All)
ACL: Deny-All(Node:sailing, Node:sailing/yacht
with access right NO)
I try to Insert a “yacht” Doc into collection
sailing, however, this operation is successfull.
In my thought, the account “badman” will pass the
IIs authentication, then failed to Insert yacht-
Document. Where I am wrong? In addition to,
I also have some questions:
1. How to obtain more examples about setting
access rights?
2. How to let the default-access right operating
to Tamino database be denied, then allow the
rights on ino:security?
3. The security tool within Tamino System Manager
Hub will occur unexpected error for version
2.3.1, Does any one have the same situation as
Thanks for your reply!