First, edit "/ip service" and disable everything you don't use. Then filter in the input chain (packets destined for the router directly, not packets being routed through the router) for the ports left open and drop everything not from the management VLAN interface. The below assumes only SSH and Winbox on default ports are left open:
/ip firewall filter
add chain=input protocol=tcp dst-port=22,8291 in-interface=!ManagementVLANInterface action=drop
There are lots of different firewall rulesets for what you want to do. The wiki lists more exhaustive ways.
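Both steps described above as one RouterOS sequence, as an added example that is not part of the original post. The interface name is the one used in the post; the 192.0.2.0/24 management subnet, the log prefix and the comments are assumptions made for illustration.

```routeros
# Added example, not from the original post.
# Assumptions: ManagementVLANInterface is the management VLAN interface,
# 192.0.2.0/24 is a constructed management subnet, SSH and Winbox stay
# on their default ports (22 and 8291).

# 1. Disable the services that are not used; only ssh and winbox remain.
/ip service
disable telnet,ftp,www,www-ssl,api,api-ssl

# 2. Second layer: the services themselves only answer the management
#    subnet, so a mistake in the firewall does not expose them.
set ssh address=192.0.2.0/24
set winbox address=192.0.2.0/24

# 3. Input chain: log, then drop, management traffic arriving on any
#    interface other than the management VLAN. Rules are evaluated top
#    to bottom, so both must sit above any accept rule that would match
#    the same packets.
/ip firewall filter
add chain=input protocol=tcp dst-port=22,8291 \
    in-interface=!ManagementVLANInterface \
    action=log log-prefix="mgmt-drop" \
    comment="log management attempts from outside the mgmt VLAN"
add chain=input protocol=tcp dst-port=22,8291 \
    in-interface=!ManagementVLANInterface \
    action=drop \
    comment="drop management attempts from outside the mgmt VLAN"

# 4. Verify: disabled services are flagged X, and the packet counters
#    on the two rules above show whether anything is hitting them.
/ip service print
/ip firewall filter print stats where chain=input
```

Apply this from a session on the management VLAN with Safe Mode enabled, so a wrong interface name or subnet is rolled back when the session drops instead of locking you out.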