Let’s see if I understood your question. I guess I would base my index names on the group that have access to the dataset instead of the dataset. So instead of filebeat-nginx-b-* I would do nginxadmin-filbeat-nginx-b-* . This would make it possible for a group e.g. nginxadmin to make an index pattern like nginxadmin-* and find all index patterns that they should have access to.
I guess you could create a tenant (and role?) for each dataset but I feel that it would probably be better to create a role and tenant for each group of users.
An alternative could be to script the creation of index patterns for each tenants so that all tenants already have a ready made index pattern for everything they should be able to see Header "securitytenant" not work properly for select tenant - #3 by ogallart