Inspired from Sandhu's scheme, this paper presents a cryptographic key assignment scheme in tree hierarchies for access control. Initially, the root security class is assigned an arbitrary secret key which is a 3-dimensional row vector. Any other security class's secret key can be generated or derived from its ancestor's secret key as needed. In our scheme, the secret key can be used directly as an encryption key, or used as an encryption-encryption key for generating an encryption key to encipher the owned information items. Our scheme preserves the advantages of Sandhu's scheme, such as a new security class can be defined easily and the size of secret key is fixed. Furthermore, each security class can freely choose or change its encryption key for protecting the owned information items without altering the existing secret keys.