Abstract: By analyzing RBAC in the XACML-based framework against the characteristics of the RBAC96 model, this paper points out a shortcoming of the framework: it does not support the restricted model of RBAC96. By adding XACML descriptions for mutually exclusive roles and cardinality constraints to the framework, this paper improves the framework, ultimately applies it in the GridSphere portal, and realizes the principle of separation of responsibility in the authorization process.
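The two constraint types named in the abstract, checked at role-assignment time, as an added example that is not the paper's XACML policy or GridSphere code. The class names, role names and users are hypothetical; only the "Permit"/"Deny" decision values are borrowed from XACML.

```python
from dataclasses import dataclass, field

@dataclass
class RoleConstraints:
    # Each set lists roles that no single user may hold together.
    mutually_exclusive: list
    # Maximum number of users allowed to hold a role (cardinality constraint).
    max_members: dict

@dataclass
class RoleAssignments:
    constraints: RoleConstraints
    members: dict = field(default_factory=dict)  # role -> set of users

    def roles_of(self, user):
        return {r for r, users in self.members.items() if user in users}

    def decide(self, user, role):
        """Return (decision, reason) for a request to assign role to user."""
        held = self.roles_of(user)
        if role in held:
            return "Permit", "already assigned"
        for group in self.constraints.mutually_exclusive:
            conflict = (held & group) - {role}
            if role in group and conflict:
                return "Deny", f"mutually exclusive with {sorted(conflict)[0]}"
        limit = self.constraints.max_members.get(role)
        if limit is not None and len(self.members.get(role, set())) >= limit:
            return "Deny", f"cardinality limit {limit} reached"
        return "Permit", "ok"

    def assign(self, user, role):
        # The assignment is recorded only when both constraint checks pass.
        decision, reason = self.decide(user, role)
        if decision == "Permit":
            self.members.setdefault(role, set()).add(user)
        return decision, reason

def demo():
    # Constructed roles and users, for illustration only.
    constraints = RoleConstraints(
        mutually_exclusive=[frozenset({"job_submitter", "job_approver"})],
        max_members={"portal_admin": 1},
    )
    ra = RoleAssignments(constraints)
    requests = [("alice", "job_submitter"), ("alice", "job_approver"),
                ("bob", "job_approver"), ("bob", "portal_admin"),
                ("carol", "portal_admin")]
    return [ra.assign(user, role) for user, role in requests]

if __name__ == "__main__":
    for result in demo():
        print(result)
```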