By default, Tersus employs tomcat basic authentication, which means that if the project contains at least one permission definition, tomcat will request credentials before the project is displayed.
It seems you're looking for an alternate behavior, whereby non-priviliged users can access non-privileged parts of the app without having to provide any credentials.
This behavior is possible by controlling the authenticationMethod property of the root system (via either the Properties view of the studio or the Configuration.xml file) - setting it to Custom/None disables basic authentication.
This means that you are now responsible to implement (model) your own authentication mechansim, and until you do so, only the non-priveleged parts of your application will be accessible.
We do provide an example implementation in the Authorization application template. To review it, create a new application via File>New>Tersus Project, with Template=Authorization.
For best results, use the Firefox browser..