Thanks Grant, your detailed response got me thinking about how I might approach this. I then realised it is pretty simple. So here is the approach that I took, in some detail, for anyone else who wants to do the same.
First, I created a new field in ACCOUNTS, a 1-many connection to itself (ACCOUNTS), called ALLOWED DELEGATES. I then created a form accessed from Account Settings to allow anyone to edit this field in their own (logged in user) account record, to add as many allowed delegates as they like.
In my example scenario, Jim Smith logs in and sets this field to Michelle Jones. This is the OFFER side of the delegation relationship …
(Note that I also created a Delegate user role which I give to Michelle Jones, and the selection is filtered by user role contains “Delegate”, so this limits who can be a delegate. But the main reason for the new user role is to provide access to a DELEGATE menu item, discussed below).
Second, I created another new field in ACCOUNTS, a 1-many connection to ACCOUNTS, called ACTIVE DELEGATIONS. I then created another form to allow anyone to edit this field in their own (logged in user) account. It is set up to only show those people who have made the “Offer” using the following restriction:

This way Michelle can ACCEPT to be a delegate for anyone who has allowed her to be one - ensuring its a two way agreement to act as a delegate. Once Michelle selects Jim and submits, she creates an ACTIVE DELEGATION.
To be able to use that Active Delegation, I created a DELEGATE menu with copies of the various scenes that I want a delegate to be able to see, for example a grid set up as:
This grid allows Michelle to see everything that Jim is responsible for - and anyone else who Michelle acts is an active delegate for.
THE ONLY HOLE IN THIS APPROACH is that Jim has no way to cleanly revoke Michelle’s access.
Taking away the “Allow” doesn’t impact the “Active” status. I can’t do it using record rules because that would remove every delegation from Michelle - because using record rules its all or nothing - there is no selective removal. Plus if Jim had more than one delegate, it would remove them too because the record rules will update EVERY delegate…
So instead I put up a big warning to Jim when he changes the “Allowed” settings to tell him to have the system admin remove Michelle’s active status - it could of course be an automated email to the system admin requesting the same.
If anyone has any thoughts about how to resolve this final piece of the puzzle I’m all ears.