The invention discloses a dynamic access control framework facing internal attacks, and belongs to the technical field of information security access control. The dynamic access control framework comprises a submission of an access request, a calculation of user enablement roles, a calculation of enablement roles permissions, a selection of the enablement roles, a reduction of candidate enablementroles, and a calculation of risk values. According to the dynamic access control framework facing the internal attacks, the satisfiability of environmental constraints in an access control policy isevaluated by using an environment model, thereby achieving dynamic adjustment of user authority, and preventing accesses of illegal users; permission ranges of legal users are constrained according tostrategy constraints and risk analysis, thereby avoiding internal attacks of malicious users; and a triple control of access requests is achieved by analyzing environmental information, the strategyconstraints, and access risks, thereby preventing illegal and malicious access behaviors can in time, more effectively protecting network resources, and guaranteeing safe and efficient operation of the system.