Do you mean that role based access control (RBAC) should be replaced by something else? Or that just the specific RBAC models in use are broken?
I personally think the, perhaps confusingly named, capability based security models are the way of The Future.
ABAC/Capability and very granular policies for both actions and actions on behalf of others with the right sort of resource-based policies as well. And the apps need to be capability constrained and sandboxed.
Gonna be a hard nut to crack to implement this across the supply chain.
Transitive dependencies are a bitch.