Aiming at the problem that in the Internet of Things (IoT) environment, traditional access control and privacy protection mechanisms are difficult to meet the actual needs due to the large scale of devices, frequent data sharing and complex and changeable access control, a data rights management and secure sharing scheme for IoT is proposed. The scheme integrates CP-ABE, Fabric and IPFS distributed storage technologies, and constructs a data sharing model of on-chain and off-chain cooperation. Through the introduction of tree access control structure, the access policy and attribute hierarchy are modeled uniformly, and fine-grained access control and dynamic authorization management are realized. At the same time, smart contracts are designed to support user attribute management, policy updates, and data access validation. In order to evaluate the performance of the scheme, experiments are carried out in Fabric environment for different attribute sizes and concurrent request scenarios. The results show that with the increase of attribute size and the number of requests, the system response time shows a steady growth trend, and the overall throughput performance is good, which can effectively support complex access control requirements and large-scale data access scenarios. The proposed scheme not only ensures data security and privacy, but also improves the flexibility of authority management and the scalability of the system, providing effective support for secure data sharing in the Internet of Things environment.