Security requirements have become an integral part of most modern software systems. In order to produce secure systems, it is necessary to provide software engineers with the appropriate systematic support. This chapter discusses a methodology to integrate the speci?cation of access control policies into UML. The methodology, along with the graph-based formal semantics for the UML access control speci?ca-tion, allows to reason about the coherence of the access control speci?cation. The chapter also presents a procedure to modify policy rules to guarantee the satisfaction of constraints, and shows how to generate access control requirements from UML diagrams. The main concepts in the UML access control speci?cation are illustrated with an example access control model for distributed object systems.