Because 90% of our servers are heavy-weight appliances and only consist of
role accounts. We don't want to sync our personnel file with all instances.
And 'su' from a role account to another role account is not really sensible.
And now people who have enough privileges can directly copy files from/to
the server or trigger mass updates across all machines (which is trickier
to do if you want to do that via a regular user account).
Currently we only have to update the authorized_keys file of the role
accounts and in the case of separate role accounts we'd probably need some
sort of password verification for the su/sudo behaviour, which is now done
through the smartcard key-based login.