Thanks @TK_Liew and @MartinLangmaid.
Please bear with me as I am a novice at this.
If I understand correctly all clients connected to a specific SSID can limited to [or blocked from] using certain ports, IP addresses, MAC addresses, or domain names.
So an application for this could be limiting clients in a specific SSID to use only LAN resources and deny internet access?