Abstract: In order to raise information safety in enterprise authority managemen, as combined with the so called account, authentication, authorization, audit (AAAA) technology, a model of rolebased identify and access management(IAM) system is designed. The unified management of the account, the certification, the authorization, the audition and single sign on (SSO) are realized as results. The deficiencies possibly apppeared in information safety can be made up. So the system can run normally therefore in a safe and efficient environment.

Key words: role, account、authentication、authorization、audit, authority limits management, single sign on