Well, that's kind of what the ACIGROUP functionality is for, but it really requires an ESM. The other problem is that you can be in only one ACIGROUP at a time, so if you need combinations of privileges, you end up defining n**2 possible groups.
If you have RACF or VM:Secure or some such, that'd be the way to do this.
