OK, to do this, you would need to prevent them from being able to specify the target for the policy, as the person who is checking over its configuration should assign the target.
To do this, simply ensure that the role does not have the "Create Resource Targets" management privilege assigned to it. Obviously, the members of that role should not be members of any other role that does have that privilege.
The main reason to do that is because only members of a role that creates a target can see that target, unless of course, you are a symantec Administrator.
Not having the system "Read" permission to the "Enable/Disable Policy" task type is an and/or option to the above.