Access control is an effective way to ensure that users have access to information they need with system permissions securely, which has become a significant research problem on security issues recently. In most research areas, the RBAC theory are considered as a popular access control solutions for general-purpose, while lacks the ability to satisfy the specific requirements of the system. In this paper, we propose an access control model based on RBAC for managing user access to resources and authorizing rights by analyzing the complex business processes. The model is implemented by XML document in complex business process, which was regarded as a four-tuple, with self-built tags to extend markup language. Practical results demonstrate that this model for the access control application in ship registration system by J2EE framework has also enhanced audit effectiveness and simplified access-control compliance.