In Gerrit, projects can have parent projects, and they inherit their settings and ACLs from their parent project. This allows us to define rules like "for branches named wmf/*, only the deployers group should have approval rights" only once and have them apply to hundreds of projects. In Phabricator, we'll need something that accomplishes this kind of deduplication, though the approach could be different (it need not be inheritance, necessarily).
See also T183: Per-branch access control in code repositories