In an organization that has a staff-rotation policy, the MOST appropriate access control model is:

A. role based.
B. discretionary.
C. mandatory.
D. lattice based.