In a practical system of commerce sites, we not only need to focus on their own functional requirements, but also need to consider many other security requirements. Security is a very important aspect. Access control occupies a vital role in a website system. To solve the problem of access control is to solve a majority of the security problem. The role-based access control model separated users and permission with logically, meanwhile it reduces the complexity of management, and reduces administrative overhead and management complexity. The role-based access control model will play an important role in the increasing size of business information management system. We can use the role-based access control model to solve the problem of access control, and put it into the information system.