
Secure File System Based on Access Pattern Control

Advisor: 黃士殷

Abstract


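The secure file system developed in this thesis combines public/private keys, session keys, dynamic passwords, and related techniques, adopts role-based access control as its architecture, and adds the idea of using access patterns as a dynamically controlled access policy, in order to increase the security of the file system. Taking XML documents in a changing network environment as the example, we implement an architecture for accessing the secure file system. A file system built on this architecture gains the advantages of security and convenience and achieves a more complete dynamic access control model for authentication and authorization. The system uses a middleware layer built on the role-based access control model. When access to a file in the file system is requested, the middleware's access control unit must take into account the requesting user's role and rights, and even the time and number of accesses. In general, expressing users' file access rights through an organization-oriented access control mechanism is already enough to meet the security goal, but it becomes very awkward when access control is needed for individual files in the file system. This thesis proposes a solution to that problem, expressing access rights as rule constraints so that documents are protected from being obtained by people with ill intent. A secure file middleware layer is then responsible for managing secure file transfer and key exchange. Finally, we present an algorithm and implementation for the messages exchanged between the middleware and the client, and require the client to use a special viewer dedicated to decrypting and viewing documents, yielding a dynamically managed and secure file system.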

Parallel Abstract


We present an access-pattern-based approach to a secure file system (SFS), using RBAC, public/private keys, session keys, dynamic passwords, etc. We propose access patterns based on RBAC to enforce dynamic access control policies. Security policies are expressed as rules that depend on a user's access history and/or an object's history of being accessed, in order to specify policies for the security and management of the secure file system. An experience engine is used to evaluate policies and dynamically assign authority to users. For XML documents, we describe how access restrictions can be defined and enforced directly on the structure and content, providing a simple and effective way for users and administrators to protect and manage information. The SFS middleware that controls file requests must consider role, operations, and even access time and history. In general, it is safe to express authority at the level of the organization, but it is difficult for a manager who wants to impose a particular limit within the organization. To solve this problem, we propose a solution that relies on access patterns. The middleware is also used to manage policies, transfer files, and exchange decryption keys. Finally, we provide a negotiation method and algorithm between the middleware and the viewer. By implementing the core of the middleware and a special viewer for the client, we obtain a dynamically managed and secure file system.
