Role-based access control model has been widely studied and used because of its flexibility in management and simplicity in use. However，some shortcomings exist in implementation of accessing different data of the same business object with a role in authority system. It presents an access control model which introduces domain，domain control and restricted objects. The model reduces the complexity of granting access to a role ensures safety for accessing web resources. The model has been successfully applied in a practical management system and provides a new model for access control of enterprise informatization system.