If you are using Marathon on DC/OS, you can define fine-grained access to applications by creating advanced ACL groups in your native Marathon instance. Advanced ACL groups provide multi-tenancy by isolating application teams as well as individual users. You can also control customized access to applications, for example, to provide read-only access.
This feature is only available in Marathon deployed with DC/OS. See the DC/OS docs for this feature.