I checked this out and discovered and was very impressed:
you create an Admin Policy, give it a name, then on a form-by-form basis (241 forms) decide which forms are available under that policy, and whether it is Read or Read/Write for each form.
Then you create a User Authorization Profile with System Admin set to True and give them the System Admin policy you created above.
Pretty good.