Abstract: The paper establishes a user behaviour trust and Role-Based Access Control（RBAC） model，which introduces the attribute concept and adds the user behaviour trust degree set on the basis of RBAC model.The detailed description and the authorization flow are given in the article.At last the model is analyzed from the dynamic performance and trust mechanism and role numbers and work performance.The new access control achieves the dynamic authorization by the dynamic assignment of role attributes and achieves the connection identity trust with behavior trust by setting the trust degree as an obligatory attribute，which changes the static authorization only based the identity of existing access control models.The model can reduce the role number by setting the attributes for the role，which can lighten the role management burden caused by the large number roles and improve the performance at the same time.