so there are a couple of different ways to go about this.
One way would be to use an attribute from the user directory and set up a user access rule based on that attribute. Another way would be to use the userdirectory as the value in a user access rule.
If neither of those options work, you can create a custom property and set the custom property to the users you want to provide access. Then create a user access rule to that allows users with that property access.
The way you are doing it in the screenshot will not work. You need to create an entry for each individual userid, not attempt to set them in one condition. You can add conditions by clicking on the plus sign on the right. However, this approach is inefficient and not easy to manage.
For the second piece (stream access), Use the Everyone stream security rule as a template to create rules for the streams you want to open up. Put another way, create stream rules for the specific streams you want provide access to, and follow how the Everyone stream is set up to provide the same access.
Much of what you are asking is covered in a webinar you can watch here: SenseSecurityRules.mp4 - Google Drive
If you want to do the mass addition of the custom property to users, I can work up an example of that using Qlik Repository Service (QRS) API and Postman.