Abstract: The RBAC (Role Based Access Control) application improved system usability and robustness.This paper analysised the RBAC model,and pointed out some deficiencies in its fine-grained.Combined with UML modeling,RBAC model was refactored.It put forward to object oriented RBAC model (OORBAC) with ability to tiny fine-grained access and supporting permission poset.Based on OORBAC model and combined with some GoF patterns,a common framework was designed.It is superior in synchronous/asynchronous and poset permission relations expression,and supports dynamic access control on fine granularity more flexibly and efficiently.