Abstract: Secure interaction between trusted-domains is a major concern.Combining the advantages of RBAC and the existing authentication technique on crossing the trusted-domain，this paper proposes a model on Crossing the Trusted-domain Privilege Management（CTDPM） which is suitable for distributed network.Role recommending policy and unilateral role mapping policy are proposed to back the safe access between two trusted-domains.By using set theory and the logic of predication，this paper describes the CTDPM model systematically，then gives a suit of rules on privilege and safety，and analyzes their characteristic.Finally，the safe application of this model is demonstrated by showing how it can be used in an access control system.