Insider attacks are one of the most dangerous threats on security of critical infrastructures. An insider attack occurs when an authorized operator misuses the permissions, and brings catastrophic damages by sending legitimate control commands. Providing too many permissions may backfire, when operators wrongly or deliberately abuse their privileges. Therefore, an access control model is required to provide necessary permissions and prevent malicious usage. This paper proposes a new access control model in Supervisory Control and Data Acquisition (SCADA) system. Proposed model extends the Role Based Access Control (RBAC) model by incorporating an operator trust assessment process. The operator trust is calculated periodically or when an insider attack is detected. The simulation results illustrate that the proposed model is effective, and the access of attacker or unskilled operator will be limited as the access of skilled operator will be increased.