Now it is imperative to establish a flexible and secure access control model adapting to dynamic environments. Traditionally access control models focus on access decisions by the required credentials of users, but ignore the outside environment factors. In this paper, we consider that when locating different environments with dissimilar security status, user should have different permissions. Consequently, we present a novel environment-aware access control (EAAC) model based on role based access control (RBAC). EAAC extends traditional RBAC to include the notion of both environments and behaviors by introducing a new conception that embodies the dynamic environmental factors.