To ensure secure access control, users need to follow some best practices. The answer is option D, which means that all the options mentioned are correct.

Explanation of each option:

A. Use role-based access: This option is correct because role-based access control (RBAC) is a secure practice to control access to resources based on the roles assigned to individual users within an organization. It ensures that users have the necessary access to complete their tasks and restricts access to resources that are not relevant to their role.

B. Enforce authorization on each request: This option is correct because enforcing authorization on each request helps to verify that the user has the necessary privileges to access the requested resource. Authorization ensures that users only access the resources that they need to complete their tasks and nothing more.

C. Enforce Business Workflow: This option is correct because enforcing business workflow ensures that the access granted to users is in alignment with the business processes. By enforcing business workflow, organizations can minimize the risk of unauthorized access to resources and ensure that the access granted is relevant to the user's role.

D. All: This option is correct because all the options mentioned are secure practices for access control. Using role-based access, enforcing authorization on each request, and enforcing business workflow, all contribute towards ensuring secure access control.

Therefore, the correct answer is: D. All.