Abstract:
Taking into account private permissions, department permissions and changes of permission type, role permissions and role hierarchies are analyzed in more depth, and an improved role hierarchy model for role-based access control (RBAC) is introduced to address the imperfections of the famous RBAC96 model. The model presents some new concepts, such as special permissions, and defines normal inheritance, privatizing inheritance, publicizing inheritance and special-without inheritance, from which a new role hierarchy model is formulated. Compared with RBAC96, the improved model describes the same role relationships more simply and more comprehensibly. It is also more flexible and better suited to large-scale role hierarchies such as those in operating systems, DBMS, distributed applications, etc.