Use the ‘users_list_table_query_args’ filter to force the “role” arg to be “subscriber” for any User Manager login role. Use the “views_users” filter to remove any list table views (the links above bulk actions) that are not “subscriber”.
This will limit their view to subscribers, but if they know or can guess user IDs, it will not prevent them from editing that profile. We can prevent them from successfully updating user data by dying from a callback added to ‘wp_pre_insert_user_data’ filter if the role is not subscriber, but they could still access the profile page where it would appear editing would be successful.
This would only occur if they were attempting to improperly edit a non-subscriber user, so having a misleading UI wouldn’t be the end of the world. But if you would prefer to fully block access to the non-subscriber profile edit page, you could probably concoct something from the “admin_init” hook.
