Which of the following should be implemented?

A security administrator wants to implement a company-wide policy to empower data owners to manage
and enforce access control rules on various resources. Which of the following should be implemented?

A.
Mandatory access control

B.
Discretionary access control

C.
Role based access control

D.
Rule-based access control