This is a 2-part question. Here's what I'm seeking to do:
A potential alternative approach I was considering was using websites instead of stores for these configurations (i.e. each website only has one store so all customers/admins are by default associated with a single store) but this requires that there be administrators that can be given access/visibility of many--but not all--websites and no access/visibility of others. Is this a possible alternative?
If there's a solution to the 2 problems provided, that would be ideal, but if not, will the presented alternative work?
I'll try to answer both questions.
1) You are right, an Advanced Permissions extension is a good match for these requirements. You can check out this one: https://amasty.com/advanced-permissions-for-magento-2.html
With Advanced Permissions a super admin can limit access of other admins to: