Which of the following is the best approach to validate the continued need for auser to have privileged access to system resources?