The IT Security team of a financial institution is implementing a new system that should ensure that access permissions to sensitive financial records align strictly with employee job functions. Compliance requirements dictate that every access permission must be auditable and cannot be based on individual discretion. Which authorization model best suits the security and compliance requirements of this scenario?
Role-Based Access Control (RBAC)
Attribute-Based Access Control (ABAC)
Security Support Provider Interface (SSPI)
Discretionary Access Control (DAC)