Report access is controlled by Report Security. Report Security is by combination of report and version. Users who submitted the report have access to their own archived reports by default. Others users can get access if the administrator assigns access to them.
The Output Manager verifies access by your Windows / Active Directory credentials. Users are associated with their Windows user id in User Configuration. When a user navigates to the Output Manager URL, it knows the network credentials of the user without prompting for it (this is called Windows Integrated Authentication).
You can deny access to any user in your organization by assigning the appropriate security to the folder where the Output Manager console is installed.