An access control system that restricts access to servers and computers and data operations has a problem that implementation of access control in business logic complicates state management, easily causes implementation errors, and easily introduces bugs. In this paper, we propose a method that reduces the possibility of implementation errors in the access control system by using a new approach that separates the logic of the access control server and the DB server.