Well, if the user should see all datasets but BMC.ASSET, you could try and play with the field "row level security".
The BMC.ASSET wouldn't be "public" and would only be visible to people having "unrestricted access" or a peculiar company set in this field.
You would have to set those "permissions" for all the assets in BMC.ASSET.
This way, your users wouldn't see the assets. Though I guess this would be a customization to change permissions when a CI goes into BMC.ASSET.
I'm not sure what is required... You could try to play with BMC.CORE.CONFIG:BMC_Dataset records and set access levels based on RowLevelSecurity and client type access.