Let me share some info/recommendations.

When you allow someone to edit PHP code at your site, there is no sense to restrict that person somehow. You have to just trust the developer.
Having access to arbitrary PHP code execution developer can with just one line of a PHP code wp_insert_user(); create new user with ‘administrator’ role, re-login and get full permissions at the site.

Any code editing should be done at the stage/development copy of the site.

In relation to the auto-redirection to dashboard, I suppose that you blocked some admin menu items for this user role via Admin menu access add-on and use ‘Block Not selected’ option. Read more carefully this part of the article.