Yes, you can define Blacklists per Policy.
Blacklists are defined by the action for that Severity / Category. When you create a Blacklist Entry, you can choose what Severity and Category apply for that particular entry. The default values for these fields are Severity = Minor, Category = Minor Spyware Website, but you can modify them to be any of the values within the system.
The Blacklist is then applied and acted on per the action within a Policy for the Severity / Category. That Policy can be tied to a User, Group, Department, OU, or IP/Subnet.