WordPress has a fairly good roles and capabilities system already and, IMHO, you’d find it easier working with that.
When the admin menu is constructed, every item on the admin menu is subject to a check on a relevant capability. Similarly every attempt to use an admin screen is checked.
It’s possible to use map_meta_cap to rework some of these permissions. For example, I like to make my clients Editors of their websites but also allow them to manage widgets and menus without being able to make other theme changes. I use this snippet:
add_filter( 'map_meta_cap', 'tbdn_map_meta_cap', 10, 4 );
function tbdn_map_meta_cap( $caps, $cap, $user_id, $args ) {
if ( 'edit_theme_options' == $cap ) {
$screen = get_current_screen();
$caps = array( 'edit_theme_options' );
switch ( $screen->id ) {
case 'widgets':
$caps[] = 'manage_widgets';
break;
case 'nav-menus':
$caps[] = 'manage_nav_menus';
break;
}
}
return $caps;
}
This traps the check for the default capability of edit_theme_options and if you are trying to access the widgets screen it adds a manage_widgets capability to the list of sufficient capabilities for using this screen. Similarly the nav-menus screen is given its own capability.
Then you can use an existing role management plugin to turn off edit_theme_options for a role or user, removing access to all the theme option screens. Then give the role/user manage_widgets and manage_nav_menus capabilities and they can get to those screens without having further access to theme options.
Combine this with your editing of the admin menu and you should be good to go.