Abstract.Based on the Role Based Access Control (RBAC) model, this paper presents a Four-Dimensional Access Control (FDAC) model which contains four scopes: user, role, function and metadata. The FDAC model realizes the permission control of function and data, and it completes the whole process through meta control and function view. This new model is in favor of modular development and design, and reduces the repetition of coding and complexity of its business logic. It is applicable to most information systems under multiple platforms and has better scalability.