Cloud storage is facing the contradiction between data security and flexible data sharing, and therefore the cryptographic access control mechanisms are well studied. In particular, hierarchical access control in cloud storage is significant for many application scenarios. In these scenarios, the users are divided into several groups organized in a hierarchy, and they are assigned with different access privileges according to their groups and levels. That is, the users in higher level groups can access the data belonging to their subordinate groups while the users in lower level groups cannot access the data belonging to their superior groups. However, most of the existing hierarchical access control solutions seem to be unpractical for their inability of scalable data sharing, inefficiency of key management or lack of delegated re-encryption. In this paper, we propose a new hierarchical access control scheme based on key-aggregate encryption, and the proposed scheme realizes scalable data sharing in cloud storage which allows the users to share data with any user group. In the proposed scheme, the size of each key or ciphertext is constant and irrelevant to the scale of hierarchical user structure. Especially, our scheme improves the convenience of key management by cutting off the key derivation widely used in the existing hierarchical key assignment methods. Furthermore, the proposed scheme reduces the users’ updating overhead by introducing the delegated re-encryption into the hierarchical scenarios. Finally, the security analysis and the performance evaluation indicate that our scheme is feasible for the hierarchical data sharing applications in cloud storage.