With MAC, who may NOT make decisions that derive from policy?

A.
All users except the administrator.

B.
The administrator.

C.
The power users.

D.
The guests.

Explanation:
As the name implies, the Mandatory Access Control defines an imposed access control
level. MAC is defined as follows in the Handbook of Information Security Management:
With mandatory controls, only administrators and not owners of resources may make
decisions that bear on or derive from policy. Only an administrator may change the
category of a resource, and no one may grant a right of access that is explicitly
forbidden in the access control policy.