as s_ha_dum said in the comments you could do something remove_menu_page However, the problem with this is it doesn’t actually prevent the user from editing the plugin if they know the url.
From the codex:
Removing a menu does not replace the need to filter a user’s permissions as appropriate.
When I run into this problem I tend to use Justin Tadlock’s Members Plugin which will let me assign capabilities on a per role bases. It also allows me to set custom roles.
My typical flow is to set up a new role of “owner” or “designer” which gives them just enough permission to do what they need to do.
Do I have to do this on a per-plugin basis?
Maybe, it depends on the plugins you are using. Each author tends to handle this differently. Some common capabilities the plugins get linked to are manage_options, update_core and manage_themes. In other words sometimes if you disable manage_options you disabled several plugins at once. There are also some cases (ie gravity forms) where the plugin author creates their own capabilities which is often the best case.
So in conclusion use remove_menu_pages as a quick and easy solution when it doesn’t matter if the user finds the page.
Use the Members Plugin (or similar) to edit the capabilities/create a new role when you need to lock the user out.
Bonus
You can grant capabilities manually to one user using something like this in functions.php :
$user = new WP_User( $user_id );
$user->add_cap( 'manage_options');