@holger.knust will be dumps co-maintainer with me, and as such, he should be able to do all tasks that don't require SRE-level access (i.e. access to cumin etc). This includes rebooting hosts to pick up security fixes, disabling/enabling/running puppet, rsyncing manually fixed datasets, disabling and re-enabling cron jobs, checking logs, installing updated packages, and so on.
A new group should be created for this level of access to the specific hosts.
This will need discussion at the SRE meeting.