‘Admin menu’ shows menu items, which are available for the current role only.
It does not provide access. It allows to block menu items to which you can not revoke access from a role via user capabilities.
For example some plugin uses ‘manage_options’ to protect its menu. When you grant ‘manage_options’ to a role, it receives access to the ‘Settings’ and some other menus from other plugins too. In order to narrow the access inside ‘manage_options’ capability you can use ‘Admin menu’.
So, 1st, you work with user capabilities, then build more granular access with ‘Admin menu’.