To broaden the adoption of cloud computing, it is necessary to provide efficient security mechanisms for authorisation update, which is a core component of cloud security. In this paper, we propose an efficient and secure authorisation update mechanism, which is achieved using a double-layer encryption: inner-layer encryption and outer-layer encryption. The inner-layer encryption is performed on an original plaintext to generate ciphertext, while the outer-layer encryption is performed on a part of the inner-layer ciphertext taking a ciphertext as output. The inner-layer encryption enforces the initial authorisation policy, while the outer-layer encryption reflects the updated authorisation policy. Based on the double-layer encryption, we deal with the operations related to authorisation update including user update and dataupdate. In addition, we implement the proposed mechanism and conduct extensive experiments. The experimental results demonstrate the efficiency and practicality of the proposed mechanism.