Traditional　discretionary　access　control　can＇t　provide　adequate　security.　Rules　of　existing　mandatory　access　control　models　are　very　rigid,　and　barriers　in　document　flow　occur.　We　propose　a　mandatory　access　control　model　is　proposed　which　is　suitable　for　document　flow.　In　this　model　the　requirements　of　both　integrity　and　confidentiality　are　met.　Flexibility　of　discretionary　access　control　integrates　with　security　of　mandatory　access　control.　Through　checking　the　rules,　information　can　flow　bidirectionally.　The　security　of　the　model　is　proved　on　the　basis　of　noninterference　theory.