Each database can have any number of users and each user has a password. Before a particular user can open a database a password must be supplied.
Actually, because a workstation remembers passwords, you will only have to enter the password the first time you open a database as a particular user. After that you can open it without entering the password. The workstation itself should be protected by a password. But once the workstation is opened, any database in the workstation's login table can be opened quickly because a password does not need to be collected each time.
To set a user password, open the database and position on the user's password field. The password field can be found in any table of users, and also on the Options view of the user. Generally, only the administrator or a user with access to the root user object can change user passwords.
When positioned on the password field, press <F3> for edit assistance. You cannot type a password directly into the password field because passwords are special. They are not displayed and when entered, they must be entered twice to verify that the password was entered correctly. When you press <F3> a dialog will pop up to collect the password and verify it. You don't have to enter the current password before you can change it. If you have access to the user in the first place, then you have the right to change the password.
If you are the administrator you can change any user's password. You can position on a table of users where there is a column for the user passwords. You can position on any user password and change it. This is one way you can lock an existing user out of the database. Simply change the user's password and without knowing that password they cannot access the database. Note that you cannot eliminate a user by deleting a user because typically the user will have sessions and audit records that cannot be simply discarded.
A typical user, i.e. not the administrator, should only have access to his/her own user object, and not other users. In many cases you will not even grant a user access to his/her own user object. The user object will always appear in the user's access table but the user have access to his/her own user object only if the access row's Folder field is set to folder, i.e. not file. Only if a user has access to his/her own user object can the user change his/her own password, or any other user option.