In the DOC, you can group policies into policy collections. These collections can then be used in role assignments to restrict access to specific policies for a given role.