There are several security problems arising from the characteristics of IoT, and one of them is weak access control. Traditional access control models require one centralized authority that stores all the information for access control and validates access rights. This single point of failure in IoT access control could lead to situations where a single breach can cause sensitive information leakage across the entire system. Various studies have been conducted to mitigate this security risk by introducing a decentralized architecture based on blockchain technology called BBAC. However, most BBAC models consider only a simple access control situation, which can lead to a 'the Greatest privilege problem'. This study proposes a novel access control model that enforces minimum privilege to an access token by the division and modification of access rights. As a result, we contributed to enhancing the practicality of the BBAC and mitigating risks that may arise in the delegation process.