Manage Admin permissions by URL GET parameters

I have a site which requires a lot of maintenance - hence I plan to give those tasks away to some acquaintance ppl.

They need to have access to some submenus of plugins which do not implement proper permission management - which is something I have seen very often. Usually some general permission-request like manage-option or similarly is used, which is a pretty bad design.

Now I'm thinking, without modifying the plugins code, how can I give permission to someone to access several specific settings pages in the backend, but nothing more.

My idea was: Maybe via GET parameter? I mean I partially trust them and they are not very techy, so I do not think they would dig deep to find whether they could potentially still exploit some AJAX calls - but on the other hand, just hiding admin menu points e.g. by CSS would still leave me a bit nervous.

So what do you think if I'd show only the admin menu points which route to a specific subpage (which can be checked via URL including GET-parameter to be requested). Any downside in doing so?