A security engineer is working with the development team to design an application that encrypts data using an AWS KMS key. Various users with accounts in AWS IAM will need to be provided with temporary access to decrypt data using the KMS key. What is the MOST efficient way to manage access control for the KMS key?