The default Ansible privilege escalation mechanism requires broad sudo privileges. If your production environment gives you sudo access but bars you from getting a root shell, you are out of luck. As the doc says, you cannot expect Ansible to work when sudo commands are restricted.
Privilege escalation permissions have to be general. Ansible does not always use a specific command to do something but runs modules (code) from a temporary file name which changes every time. If you have /bin/chmod as the allowed commands this will fail with ansible as those paths won’t match with the temporary file that ansible creates to run the module.
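The mismatch described above can be modelled in a few lines. This is an added example, not code from Ansible or from the original page: the allow-list, the deploy user and the simplified matching rules are assumptions, and the command shape only approximates what Ansible passes to sudo for a module run.

```python
import fnmatch
import random
import shlex
import string
import time

# Constructed sudoers-style allow-list (assumption): only chmod may run as root.
ALLOWED_CMNDS = ["/bin/chmod"]


def sudoers_allows(argv, allowed=ALLOWED_CMNDS):
    """Simplified model of sudoers command matching (not sudo's real parser).

    An entry without arguments permits that command with any arguments;
    an entry with arguments must also match the argument string.
    """
    for entry in allowed:
        parts = shlex.split(entry)
        if not fnmatch.fnmatchcase(argv[0], parts[0]):
            continue
        if len(parts) == 1:
            return True
        if fnmatch.fnmatchcase(" ".join(argv[1:]), " ".join(parts[1:])):
            return True
    return False


def ansible_become_argv(module="file", user="deploy"):
    """Approximate the command sudo is asked to run for one module execution.

    The temp directory and success marker are regenerated for every task,
    so no fixed path in an allow-list can anticipate them.
    """
    tmp = "/home/%s/.ansible/tmp/ansible-tmp-%s-%d-%d" % (
        user, time.time(), random.randint(1000, 99999), random.getrandbits(48))
    marker = "BECOME-SUCCESS-" + "".join(
        random.choice(string.ascii_lowercase) for _ in range(32))
    payload = "echo %s ; /usr/bin/python3 %s/AnsiballZ_%s.py" % (marker, tmp, module)
    return ["/bin/sh", "-c", payload]


if __name__ == "__main__":
    direct = ["/bin/chmod", "0644", "/etc/motd"]  # what the admin had in mind
    print("direct chmod :", sudoers_allows(direct))
    for _ in range(2):  # what actually arrives, different on every run
        argv = ansible_become_argv("file")
        print(sudoers_allows(argv), argv)
```

The direct chmod call matches the allow-list, while both module runs are rejected: the executable sudo sees is the shell wrapper, and the module path inside it is new each time.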