I ABSTRACT ABSTRACT Grid computing has recently emerged as a new format of distributed computing infrastructure. Because the services and resources in wide-area networks are dynamic, heterogeneous and multi-domain,security is a critical concern in grid computing. Authorization and Access Control are very important aspects of security, but there is still not a perfect method to solve them. GT2 used an acl file, known as gridmap file, to map Grid identity to a local identity associated with an unix account. GT3 installation uses the same file as used by a GT2 installation. It has a number of shortcomings when matched up with the requirements in Virtual Organization (VO). For example, Authorization on job manager is static. Local enforcement depends on the rights attached to the user’s account, not the rights presented by the user with a specific request. Local account must exist for each one and this creates an undue burden on system administrators and users. To solve the problems above, we propose an access con