This paper proposes a modelling of information security policies in the framework of possibilistic logic. Our modelling is based on the concept of roles associated with users. Access control rules, guaranteeing the properties of confidentiality and integrity, are encoded in terms of stratified knowledges bases. The stratification reflects the hierarchy between roles and is very useful for dealing with conflicts. Keywords : possibility theory, security policy, access control, stratified knowledge bases.