[eluser]CroNiX[/eluser]
htaccess only works for direct WEB requests. If you are including a view, using php, that is in a directory restricted via htaccess it won't have any affect. That's why it prompts for the password when accessing directly.
Your application should be taking care of who can see what once authenticated based on some sort of permissions.
Not sure why you'd have to convince them that CI isn't rigid. This problem has nothing to do with codeigniter. Only apache and php.
