Securing access to data, applied to mobile service applications with temporal and spatial controlling, requires constructing innovative definitions with temporal and spatial limitations for an access-control system. To cope with the temporal and spatial requirements, we propose a generalized Temporal and Spatial RBAC (TSRBAC) model. In the TSRBAC model, temporal-period and spatial-location based entities are used to constrain the permissions of objects, user positions, and geographically bounded roles. Furthermore, we also present temporal and spatial relations of Temporal and Spatial Separation of Duties (TSSSD), Temporal and Spatial Dynamic Separation of Duties (TSDSD) constraints in the TSRBAC model.