Restrict user to only create/edit Mail Contacts (user sees Compliance, Retention, Hybride?)

I'm looking for a way to centralize contact management in a small organization (around 8 people). Unfortunately they all use Outlook for Mac, so Outlook had limitations in e.g. Outlook Customer Manager.

My second place would be the Global Address List. But I can only edit it in the ECP. Now I want 1 user to only be able to create and edit Mail Contacts. So, based on an instruction I created a new admin role "Contact Management" and assigned a test user to it.

To this role I then added "_MVDB_ContactMailRecipient" (parent "Contact Mail Recipient") and "_MVDB_ContactManagementMailCreation" (parent "Contact Mail Recipient Creation"). I then stripped all role entry's that didn't have anything to do with Mail Contacts and added Set-Contact and Get-Contact. leaving this short list:

Get-Contact

Set-Contact

Get-Recipient

Get-MailContact

Set-MailContact

Get-MailContact

New-MailContact

Remove-MailContact

Though, when I sign in as this user, I also see "Compliance Management" (retention policy, retention labels), "Mail Flow" (accepted domains) and "Hybride" (Installation).

Why? And what do I need to do to remove those options for this user as well.

I don't think this GAL Management is very user friendly, but it will do I guess. One thing I'm missing is how this user could fill the custom attributes, to create an additional list of vendors, customers, etc.