At this point anything useful I have thought I might want to wrap a policy around has not been possible.  When I first glanced at the approval system and saw the conditional options for the approval levels I was impressed but now I realize its more like having cable tv...  It is like having a 150 channels I don't want to watch.  I want my approvals to be triggered by things which might be fairly complex and also likely include some of what are custom properties currently.  It seems like it should be a very easy thing to implement triggering these based upon the result of a string comparison from a vCO output or a boolean. 

For example... lets take Joe User.  Joe is on legal hold.  I want to stop any user on legal hold from automatically deploying anything new.  I can perform a simple query to check his status via a vCO workflow.  I don't particularly want to muck with modifying his group memberships in AD or change anything in the vCAC configuration to meter this.  I just want someone to be notified and say yay or nay then once he's off legal hold all the configurations are the same.  If its true activate the policy if not let it through. 

I could think of lots of scenarios where I would like to use more intelligent and customized criteria on the policy triggers.  I don't think using business groups and reservations will scale the way we want.  I'd rather have fewer larger groups and reservations and more policies that we tweak.  If the quota system was more intelligent and could trigger policies and also expand the resources appropriately if that request was approved I might consider the lots  of business groups/reservations route.

Let me know if I am crazy as I am still learning how to navigate vCAC.  I'd be happy to hear how others are dealing with this kind of thing in the 6.x realm.