With the popularity of cloud computing, the security and manageability of cloud data faces new challenges. Object-based storage cluster is a cloud computing architecture, which is usually used to store classified and graded unstructured data. Under the premise of untrusted cloud service, how to achieve practicable fine-grained access control mechanism of massive classified and graded data while protecting data from unauthorized access, is an urgent issue to be handled. The proposed methods in recent years offer no effective ways to solve this new problem. By taking full advantages of mandatory access control method, attribute-based encryption and object storage technology, and by combining with the characters of classified and graded data, this paper proposes a hierarchical secure label-based access control model in object cloud. Similarly, the core algorithm in this model, which is called CGAC and provably secure, provides a method to embed the hierarchical feature of classified and graded attributes into ABE mechanism, and get constant-size ciphertext. This algorithm not only has flexible access policy and hierarchical authorization structure, but also combines the benefits of metadata management of object storage. Finally, through the theoretical analysis and experimental system implementation, the paper verifies that the model's computation cost in encryption and decryption is acceptable, confirming the proposed method has high practical significance.