This is a terrific idea. I wanted something like that too, a few week ago. Some safety aspects I considered:
- the role assignment should probably be temporary - expiring with the session, or after a period of idle time. - the user should maybe reauthenticate (with their own password, or a root password) when activating su mode.
