Access control or authorization is a concept which dates back to the era when human began to preserve his possessions. From the commercial aspect, this concept involves a potential view for optimized sharing of information, resources and control of users with the aim of information disclosure or elimination of invaluable information. In this dissertation, a brief description is given, including different types of access control policies, characteristics, goals with their, advantages, and disadvantages. The main concentration is laid on the role-based access control (RBAC). The bases of this policy are explained, namely core role-based access control. Several types of RBAC such as hierarchical access control, control of static and dynamic constraints and their advantages and disadvantages explained in detail. A standard policy together with the useful rules in this policy is stated. Role-based administration is another subject coming forth in the RBAC, the aim of which is the correct management of data, and resources. In this dissertation, some cases of the use of RBAC are mentioned in the organization information technology infrastructures like the workflow management systems. The use of constraint in the description of access control circumscriptions would simplify the control operations. Eventually, a suitable framework for the implementations of RBAC constraints in workflow system is selected, and followed by an implementation of a software tool.