You are an information system auditor of HDA Inc., and you are auditing the controls related to payment transaction data. Your task is to determine the most effective method to ensure that payment transaction data is restricted to the appropriate users. Which approach would be the best way to ensure that payment transaction data is restricted to the appropriate users?