This paper discusses how to design and implement a security subsystem, which based on the Role-based Access Control technology. By taking a teaching web system as a practical example, the paper establishes an access control matrix, so dynamic menu, page jump, and data access control are loaded. The experimental shows that, the system can controls the access authorized data, and to avoid the illegality access. The practicability and robust in the system is evident.