Using GID to control system and user policies

I have created four groups in ldap ,Apart from other default groups

director 1000 domain group

manager 1001 domain group

teamlead 1002 domain group

agent 1003 domain group

Can I impose system policies on these groups
so that their containing member can get the policy effect
for ex:- for all members in agent group with GID 1003 should not be able to open konsole,games and system configurations programs but can open notepad, openoffice.
teamlead group with GID 1002 can open konsole with minimum access but not games and system configurations

Reply with one or two examples would be appreciated.

My aim is to block and allow/restrict users from system related configurations and access to menu or system applications as per the groups in which they are contained.

Thanks & Regards

Use the ACL to limit access.