|Role-based trust management languages define a formalism, which uses credentials to handle trust in decentralized, distributed access control systems. A credential provides information about the privileges of users and the security policies issued by one or more trusted authorities. The main topic of this paper is RTT , a language which supports manifold roles and role-product operators to express threshold and separation of duties policies. The core part of the paper defines a relational, set-theoretic semantics for the language, and introduces a deductive system, in which credentials can be derived from an initial set of credentials using a set of inference rules. The soundness and the completeness of the deductive system with respect to the semantics of RTT is proved.