Software-Defined Networking (SDN) promises a flexible and programmable solution for future networks. By extracting the control logic out of forwarding devices into a specific entity as the control plane, it dramatically eases the management work of multi-tenant networks, where several customers share same network resources. Depending on the way and the SDN layer that tenants can interact with, they can be allowed to have higher and differentiated levels of control over their own slices of available resources. This paper discusses multi-tenancy in SDN by proposing a framework on SDN northbound that focuses as a matter of priority on isolation and access control. A new network abstraction layer is introduced between the control layer and application layer on top of which tenants are provided unified APIs with abstract views and pre-defined levels of control over their dedicated virtual networks, with no concerning about the underlying type and number of controllers as well as topology of physical networks. A developed PoC finally shows the soundness of our approach by implementing various levels of isolation together with AAA functions.