In order to implement the security management of management information system (MIS), a target-based security management architecture is proposed. For MIS users, the user interface (UI) is the only way to interact with the MIS system, so all the objects (targets) which need to be managed on UI is registered first, thus for every target the state such as enabled, not enabled, visible, not visible, readonly etc., is assigned. For some users, a set of targets with some state is assigned so that the management granularity in MIS can reach any degree. This approach provides a very flexible way to the security management in MIS.