Because of its specification and easy administration, role-based access control(RBAC)has been generally accepted and widely used, but it can''t fully meet the security needs of time-sensitive activities for its lack of time constraints and dynamic adjustment permission states. For RBAC''s shortcomings, a dynamic time-constrained and role-based access control model(DTC-RBAC)is presented. In DTC-RBAC model, we formally define the concepts and functions about time system and time constraints assignments. Furthermore, we analyze four states of permission and permission states transformation, and design an algorithm for calculating the shortest-time of permission states transformation to ensure validity of permission states and efficiency of permission states update.