We create a "temproot" group (in /etc/group) to denote users granted access on a temporary basis only, and use a specific rule to allow that.
The rule in sudoers is:
%temproot ALL=(ALL) ALL
and it can either be edited into /etc/sudoers or (better) put in a one-liner file in sudoers.d (e.g. sudoers.d/temproot).
Granting a user access is then just a matter of (i) adding them to the "temproot" group (either by editing the group file or by using usermod; beware of the syntax for adding a group, as opposed to replacing all of the user's group memberships!) and (ii) getting them to log out and back in again to pick up the change to their account.
The advantage of using this over the generic "wheel" group is that it makes it clear that the access is only intended to be temporary.
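The steps above as a script, as an added example that is not part of the original text: it writes the drop-in, syntax-checks it with visudo before installing, and adds the user with usermod's append form. The function names, the SUDOERS_DIR variable and the revoke step (gpasswd -d) are assumptions added for illustration.

```shell
#!/bin/sh
# Added example, not from the original text. Run as root.
# SUDOERS_DIR is an assumption: the usual drop-in directory, overridable for a dry run.
SUDOERS_DIR="${SUDOERS_DIR:-/etc/sudoers.d}"

# Write the one-line rule to a scratch file, syntax-check it, then install it.
install_temproot_rule() {
    tmp=$(mktemp) || return 1
    printf '%%temproot ALL=(ALL) ALL\n' > "$tmp"
    # A drop-in with a syntax error can break sudo for everyone, so check first.
    if command -v visudo >/dev/null 2>&1; then
        visudo -cf "$tmp" >/dev/null || { rm -f "$tmp"; return 1; }
    fi
    # 0440 is the mode sudo expects for sudoers files.
    install -m 0440 "$tmp" "$SUDOERS_DIR/temproot"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Add one user to temproot, creating the group if it does not exist yet.
grant_temproot() {
    getent group temproot >/dev/null || groupadd temproot
    # -a appends. Without it, "usermod -G temproot USER" replaces the user's
    # whole supplementary group list with just temproot.
    usermod -aG temproot "$1"
}

# Remove the user from temproot once the temporary access is over.
revoke_temproot() {
    gpasswd -d "$1" temproot
}

# Usage: script install | grant USER | revoke USER
case "${1:-}" in
    install) install_temproot_rule ;;
    grant)   grant_temproot "$2" ;;
    revoke)  revoke_temproot "$2" ;;
esac
```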