Cloud provider manager and cloud users are not fully trusted due to the separation of them, so there is a potential threat of user data leaks. The traditional access control models are not suitable for cloud environment, because they give the cloud provider manager too much authority. In this paper, a regional authoritative access control model based on the existing RBAC (Role-Based Access Control) is proposed to solve the problem of unequal permissions between users and owners of the cloud platform. A Four-Handshake Agreement is put forward and is realized to improve the business process how the users join the Openstack. By applying CPK (Combined Public Key) mechanism, the authentication pressure of Keystone is relieved while the unreliable environment access control is solved.