Abstract: Role-based access control (RBAC) is a major technology in computer integrated manufacturing systems (CIMS)'s security management. In this paper, a double-layer RBAC model under B/S environment is presented. In this model, RBAC is applied to both database layer and web container layer. Furthermore, A CIMS security model is established with the help of role-based custom-built menu technology. This security model is applied to all application layers to protect the system resource located at different application layers. Using this security model and the technology of Oracle9i/BES6.5/j2ee, a CIMS's security management system under B/S environment is realized.