Currently only the administrator role has permission to add or update a menu. In practice, a live website will be updated by editors who create and edit pages who would also be expected to provide a link to those new pages. An editor currently can't update a menu item or block, without having access to themes and widgets.
There are many discussions about this issue on forums, and a number of hacks which attempt to hide of move the "menus" menu under the Appearance block in the admin panel, none of which are easy to use not work well. They do not change user role rights.
This is a major hole in the WordPress security model that impacts on its use especially in small and medium sized environments where control is crucial.
The suggestion is to split up the user role edit_theme_options to provide a separate role for Widgets, a separate role for Menus, leaving the theme functions together under a third separate role.