A security administrator wants to implement a company-wide policy to empower data owners to manage and
enforce access control rules on various resources. Which of the following should be implemented?
A.
Mandatory access control
B.
Discretionary access control
C.
Role based access control
D.
Rule-based access control
B is the correct answer.
https://en.wikipedia.org/wiki/Discretionary_Access_Control