With the rapid developments occurring in cloud computing and services, there has been a growing trend to use the cloud for large-scale data storage. This has raised the important security issue of how to control and prevent unauthorised access to data stored in the cloud. One well(RBAC), which provides flexible controls and management by having two mappings, users to roles and roles to privileges on data objects. In this paper, we propose a role-base encryption (RBE) scheme which integrates the cryptographic techniques with RBAC. Our RBE scheme allows RBAC policies to be enforced for the encrypted data stored in public clouds. Based on the proposed scheme, we present a secure RBE based hybrid cloud storage architecture which allows an organisation to store data securely in a public cloud, while maintaining the sensitive information related to the organisation’s structure in a private cloud. We describe a practical implementation of the proposed RBE based architecture, and discuss the performance results. We demonstrate that users only need to keep a single key for decryption and system operations are efficient regardless of the complexity of the role hierarchy and user membership in the system.