
Generally speaking, allowing privileged operations because a specific user asked over a TCP socket is asking for trouble: there are quite a few ways that an unwitting process could open a socket on behalf of an attacker without realizing that it is asserting its identity and thus granting privilege.

All the major clouds get this, IMO, entirely wrong with their services that issue secrets to instances (e.g. AWS IMDS).


