This paper presents an efficient,fine-grained and flexible access control scheme for the cloud storage at a scenario of the ciphertext-policy attribute-based encryption(CP-ABE).This scheme combines the techniques of segmentation of secret key and proxy re-encryption,and cloud service provider(CSP)will do most of re-encryption computing when the permission is revoked,which greatly reduces the computational cost of data owner(DO).Compared with existing schemes,this new scheme not only supports a variety of threshold gates access control policy,but also supports two different revoking units including attributes set and different user having the same attributes set when the permission is revoked.Finally the paper analyzes the security and runtime efficiency of the scheme.Experimental results show that the proposed scheme is superior to general schemes,especially considering cloud storage and the more users,the new scheme shows the more obvious advantages.