Traditional data sharing systems are facing new challenges when implementing access control with more and more complex data sharing requirements. Flexibility of user revocation in completely decentralized environments needs to be taken into account. In this article, we propose a Key-Policy Attribute-Based Encryption scheme with Multiple and Flexible Revocation (MAFR-KP-ABE) to achieve the features of decentralized authorization and flexible revocation. We prove the security of our MAFR-KP-ABE scheme in the standard model and provide the comparison with relevant schemes to demonstrate its efficiency. Then we propose a fine-grained access control system based on MAFR-KP-ABE scheme and blockchain that matches the need of paid data sharing services with several security properties enhanced. Security analysis and system implementation are given subsequently to demonstrate our system efficient and secure.