With the rapid application of service-oriented technologies, service and data outsourcing has become a practical and useful computing paradigm. Combined use of access control and cryptography was proposed by many researchers to protect sensitive information in this outsourcing scenario. However, the rigid combination in existing approaches has difficulty in satisfying the flexibility requirement of access control for diverse applications. In this paper, we propose a flexible authorization by generating public re-decryption trapdoor. The features of our solution are as follows: simple key management without the need of key derivation for users to decrypt cipher texts, grouping users during authorization to reduce management workload, composing conditions for accessing new resources without generating new keys if the re-encryption keys for atomic conditions have been produced.