The IT Security team of a financial institution is implementing a new system that should ensure that access permissions to sensitive financial records align strictly with employee job functions. Compliance requirements dictate that every access permission must be auditable and cannot be based on individual discretion. Which authorization model best suits the security and compliance requirements of this scenario?
Security Support Provider Interface (SSPI)
Attribute-Based Access Control (ABAC)
Role-Based Access Control (RBAC)
Discretionary Access Control (DAC)