This paper proposes a new type of Web-based access control method that adopts the "Role-function model" of user access control. The business functions of the pages in the bottom menu are divided on the basis of the Web page organizational structure required by the system's business requirements and the user access control requirements. The business function is then used as the basic unit of permission configuration: by configuring the relationships among users, roles, pages, menus and functions, the method controls the user's access to pages, to the HTML elements contained in a page and their operations, and to other Web system resources. Practical application showed that the access control model can effectively control users' access to the Web system; at the same time, it simplifies the user's operation, has strong versatility, and efficiently reduces the workload of Web system development.
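A minimal sketch of the user, role, page, menu and function relationships described above, as an added example that is not code from the paper. The table names, sample users, roles, pages and element ids are constructed assumptions, and denying anything that is not configured is a choice made in this sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Function:
    """A business function: the basic unit of permission configuration."""
    page: str              # page the function belongs to
    elements: frozenset    # ids of the HTML elements the function governs

# Constructed sample configuration (all names are assumptions).
FUNCTIONS = {
    "order.view":    Function("/orders", frozenset({"order-table"})),
    "order.approve": Function("/orders", frozenset({"approve-btn"})),
    "report.export": Function("/reports", frozenset({"export-btn"})),
}
ROLE_FUNCTIONS = {
    "clerk":   {"order.view"},
    "manager": {"order.view", "order.approve", "report.export"},
}
USER_ROLES = {"alice": {"clerk"}, "bob": {"manager"}, "carol": set()}
MENU = {"Orders": ["/orders"], "Reports": ["/reports"]}  # menu entry -> pages

def granted_functions(user):
    """Functions reached via user -> role -> function; unknown names grant nothing."""
    names = set()
    for role in USER_ROLES.get(user, ()):
        names |= ROLE_FUNCTIONS.get(role, set())
    return {FUNCTIONS[n] for n in names if n in FUNCTIONS}

def visible_elements(user, page):
    """HTML element ids on `page` covered by the user's granted functions."""
    ids = set()
    for fn in granted_functions(user):
        if fn.page == page:
            ids |= fn.elements
    return ids

def can_open_page(user, page):
    """A page is accessible only if at least one of its functions is granted."""
    return any(fn.page == page for fn in granted_functions(user))

def can_operate(user, page, element_id):
    """Server-side check for an operation triggered from an HTML element."""
    return element_id in visible_elements(user, page)

def visible_menu(user):
    """Menu entries that lead to at least one accessible page."""
    return [m for m, pages in MENU.items()
            if any(can_open_page(user, p) for p in pages)]
```

Hiding an element when the page is rendered is not enough on its own: the same `can_operate` check has to run on the server when the operation is requested.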