RBAC(role-based access control) is emphasized recently due to its simpleness, fl exibility, fine-grained control ability and strong usability, and has been prove n to be efficient to improve security administration with flexible authorization management. During the past decade, RBAC has been studied by many researchers a nd many extensions have been proposed to perfect it. Now, studies on the object part of RBAC model are relatively insufficient compared with those on the user-r ole part. A new administrative role-based access control model is proposed in th is paper, which extends the proposed NIST standard for RBAC effectively. The new model is more integrated and closer to most organizational structures by extend ing the abstracts about the objects and access type, and it can be administrated more conveniently combining with ARBAC 96 model. Based on this extended model, a secure network file system prototype is implemented.