Abstract: Access control is an indispensable part of any information sharing system. Collaborative environments introduce new requirements for access control, which cannot be met by using existing models developed for non-collaborative domains. We have developed a new access control model for meeting these requirements. The model is based on a generalized editing model of collaboration, which assumes that users interact with a collaborative application by concurrently editing its data structures. It associates fine-grained data displayed by a collaborative application with a set of collaboration rights and provides programmers and users a multi-dimensional, inheritance-based scheme for specifying these rights. The collaboration rights include traditional read and write rights and several new rights such as viewing rights and coupling rights. The inheritance-based scheme groups subjects, protected objects, and access rights; allows each component of an access specification to refer to both groups and individual members; and allows a specific access definition to override a more general one.