With the development of grid technology, protecting sensitive data becomes a difficult task when accesses come from heterogeneous domains.
Moreover, anonymity and unknown peers worsen security problems. Traditional access control mechanisms are not suited to
distributed environments. Several models and mechanisms make use of trust evaluation to assist access control decisions, but
few explicitly consider trust and risk as two separate factors that affect interactions between peers. In this paper, we
present an access control mechanism that considers both trust and risk as two vital parameters. We also introduce a static
game model with incomplete information to analyze the optimal decision. In addition, a new model of trust evaluation is proposed
to represent the confidence in the peer. To appease people’s anxiety about loss, a model of risk assessment is also presented
to indicate impacts on resources. At the end of this paper, a scenario is provided to describe how our mechanism works.
Keywords: Trust evaluation - risk assessment - game model - access control mechanism - cross domain - grid computing