Though a user's privileges are often granted based on the tasks that the user is expected to fulfill, the concept of tasks is usually not explicitly modeled in access control. We propose a system where tasks are the central concept that associates users to privileges. Ideally a user should be able to utilize these privileges and fulfill his tasks, but not to take harmful actions. To ensure this, a system often specifies a high-level security property to restrict the sequence of actions that a user can perform. In this paper, we propose a general model of access control in task-based system. This model considers the permissions a user as well as their temporal availability. Based on this model, we investigate the problem of enforcing security properties both statically (i.e., when tasks are assigned) and dynamically (i.e., when actions are performed). We study the complexity of static enforcement, and design efficient dynamic enforcement algorithms that avoiding unnecessary history tracking.