I cheched: https://www.role-editor.com/block-admin-menu-items and i can manage to block everything except the installation of the plugin however I am missing the option where the person installing the plugin can also configure the same plugin he installed. So far the only way i can achieve this is by allowing the user to see and configure all plugins.
OK. Btw., just take into account that person who install a plugin, can execute on a server any PHP code (if include it into plugin) and receive this way full access to the site and its data (if he has such purpose). URE restrictions protect only WordPress user interface.