Hello Rien,
In XMC Control menu the Policy tab is about Policy feature that is imminent to EOS and EXOS switches and ExtremeWireless. It's under the same Control menu as all the rest but this one is not unique to EAC. You can define roles and rules and apply them to your EXOS switches without EAC.
Regarding your second paragraph, I suppose we have mixed ourselves a bit between "role" and "rule". Please correct me if I'm wrong. The role defines default action for user traffic and rules override this default action for certain packet types. So if you have a rule e.g. "Reachability Testing Machine" and it has default action of Deny, it can have a rule assigned, which is about permitting ICMP. Then, all the traffic will be blocked except ICMP.
Yes, if you have a default action of deny for a user type (role), there is no need to do a rule to deny any. Please remember that it would also be impossible on EXOS/EOS switches, as Policy does not have processing order. I mean, multiple actions from different rules of a role can be taken if they are not mutually exclusive. Only if you enforce a policy domain to the wireless controller you will see some top-to-bottom order of rules as this is the way that controller works.
Hope that helps,
Tomasz