Access control in computer systems is based on the combination of confidence-mandatory and thematic principles. Composite security labels (tags) containing a security level (classification grade for objects and access level for subjects) and a thematic index (object themes and thematic permissions for subjects) are assigned to the access objects and subjects. In contrast to the known MLS-model that uses so called non-hierarchical (i.e. unordered) thematic categories in the form of thematic rubrics, our model (MLTS-system) uses thematic object indexes and thematic subject permissions which appear as hierarchical thematic classifier elements widely used in document storage technologies. Mathematically, the security labels are elements of the product of the security level algebraic lattice used in Bell–LaPadula model and of a special multirubric lattice based on hierarchical classifiers. Special dominance relations (wider–narrower) and binary operations (greatest lower and least upper multirubric bounds) that cannot be expressed by using ordinary set-theoretic inclusion relation and union and intersection operations are introduced. In MLTHS-system, for assigning security tags to users and to user-initiated subjects, some specific procedures are defined. Authorization rules to subject-to-object read, write and execute access are defined for security monitor as well as security tag assignment procedures for newly created objects. Multiple access (a single subject to many objects and many subjects to a single object) authorization rules are established. It is proven that MLTHS-system is secure by criteria of flow absence between security tag-incomparable entities (objects or subjects) and of top down flow absence. MLTHS-system allows combining access control and document storage text search technologies to create secure search engines with no functional limitations.