As the security of cloud storage cannot be effectively guaranteed, many users are reluctant to upload their key data to the cloud for storage, which seriously hinders the development of cloud storage. Since ensuring the confidentiality of user data and avoiding unauthorized access is the key to solving the security problems of cloud storage, there has been much cryptographic research proposing the use of the combination of cryptography technologies and access control model to guarantee the data security on untrusted cloud providers. However, the vast majority of existing access control schemes for ciphertext in cloud storage do not support the dynamic update of access control policies, and the computational overhead is also very large. This is contrary to the needs of most practical applications, which leverage dynamic data and need low computation cost. To solve this problem, combined with identity-based cryptosystem (IBC) and role-based access control (RBAC) model, we propose an RBAC (In this paper we use RBAC1 model which is richer access control model)) scheme for ciphertext in cloud storage. We also give the formal definitions of our scheme, a detailed description of four tuple used to represent access control strategy, the hybrid encryption strategy and write-time re-encryption strategy, which are designed for improving the system efficiency. The detailed construction processes of our scheme which. Include system initialization, add and delete users, add and delete permissions, add and delete roles, add and delete role inheritance, assign and remove user, assign and remove permission, read and write file algorithm are also given. Finally, we analyze the scheme and prove that it is correct, access control preserving (AC- preserving) and secure.