Yes, something like

definition host {
  relation port8080_users: user
  relation port80_users: user
  relation port23_users: user
  relation port1345_users: user
  relation super_user: user
  permission can_access_port8080 = port8080_users
  permission can_access_port80 = port80_users
  permission can_access_port23 = port23_users
  permission can_access_port1345 = port1345_users
  permission default = super_user
}

If the permission in the check request does not match any of the specific permissions it would be handled as per the default