Due to the increasing threat of network attacks, network and information security is an upmost concern for CSCW. Traditional Role-Based Access made focus on the typical roles divided according to organizational roles in CSCW. It is insufficient to have role permissions based on object types for collaborative environments. An extended role-based access control model is proposed in this article to expand role to construct the hierarchy of security domain for CSCW. The total CSCW system was called security domain. Subdomain roles inherit security domain roles. Atomic domain roles inherit subdomain roles under role constrains. All extended role and role constraint are partial ordering and are used to restrict the range of access control for all CSCW participants.