You would like to reduce the risk associated with the administrative access you need to give several IT employees. You would like to enforce separation of duties, but you also want them to be able to perform the functions given one another in the case where an employee is absent. To support each employee's primary role, you implement role-based access control. What will be the safest way to allow

them to step in for one another when necessary?

A. Include those permissions in the primary role.
B. Provide those permissions manually when required.
C. Assign all permissions to a single role, and assign the role to all IT employees.
D. Create multiple accounts for each user, and have them use one account only when required.

B
Explanation: To reduce risk the most, you should give them the additional permission on an ad hoc basis as needed.