@Marisa Macho - You can easily assign a responsibility to multiple assets using the responsibility option under customisation. You will, however, need to create a rule for each Asset to help govern which users to assign to which asset type. You can of course make these users hidden from the responsibility tab so that other users don't see the big long list of users that are only there to disable their access.
The rules will then happily refresh themselves and apply anyone new in a given group to the assignment and this will remove those assets from the users.
HOWEVER... and this is the reason I didn't suggest this as an option: security is a real issue.
1) The asset names will still show on the relationship tab and the diagrams tabs, although no details on those assets can be clicked through to. You need to consider if showing the relationship and the name of the related asset is a security concern for you.
2) The principle of least privilege (PoLP) is something I am a massive supporter of, and this approach is the complete opposite of PoLP. This approach assumes everyone has access to everything UNLESS we capture them in a rule and then REMOVE access to those users. If information security is a real concern, then you also need to consider the implication if one of your rules missed a certain user due to some unforeseen reason: that user would have full access to the entire environment without restriction.
3) Group maintenance: as @Jean-Paul Otte has pointed out, for this approach to work, you need to work out which users you don't want to see those assets. How do you keep that group up to date? You are now able to link groups to Active Directory, but that would only work if those users all belonged to the same AD group. When EXCLUDING users, it's unlikely that everyone sits in one group. So now we are dealing with a scenario where you need to have a rule that assigns multiple groups (linked to ADFS) and need to consider any new joiners or business transformation activity that might impact this approach or fall foul of point 2.
To summarise, it's do-able, and if you have a relatively small user base that is fairly static, and if an employee did somehow fall down the cracks it wouldn't be the end of the world, then it might just work really well for your use case.
P.S. - You can of course use the APIs to run a report of user activity, including the assets they view. So you could use this as a quick sense check and audit that your rules are being applied to the users in the relevant groups and none of those users have accessed any of the hidden assets / asset types.
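
The audit suggested in the P.S., combined with the failure mode from point 2, as an added example (not part of the original post and not the product's API). The group names, users, asset types and the shape of the activity rows are all constructed assumptions; a real check would load them from the activity report and the group configuration.

```python
# Constructed data: every group, user and asset type here is hypothetical.
GROUPS = {"contractors": {"alice", "bob"}, "interns": {"carol"}}
# Deny-by-exception rules as described in the post: asset type -> excluded groups.
EXCLUDE_RULES = {"HR Record": {"contractors", "interns"}}
# Least-privilege equivalent: asset type -> groups explicitly allowed.
ALLOW_GROUPS = {"hr_staff": {"erin"}}
ALLOW_RULES = {"HR Record": {"hr_staff"}}

# Constructed activity report rows: (user, asset name, asset type).
ACTIVITY = [
    ("alice", "Payroll 2024", "HR Record"),  # excluded user who still got in
    ("dave", "Payroll 2024", "HR Record"),   # new joiner, not in any group yet
    ("erin", "Payroll 2024", "HR Record"),   # legitimate HR viewer
    ("bob", "Order Process", "Process"),     # unrestricted asset type
]

def members(groups, names):
    """Union of the members of the named groups."""
    return set().union(*(groups.get(n, set()) for n in names))

def can_view_deny_model(user, asset_type):
    """Default allow: blocked only if an exclusion rule catches the user."""
    return user not in members(GROUPS, EXCLUDE_RULES.get(asset_type, ()))

def can_view_allow_model(user, asset_type):
    """Default deny for restricted types: allowed only if explicitly listed."""
    if asset_type not in ALLOW_RULES:
        return True  # type is not restricted at all
    return user in members(ALLOW_GROUPS, ALLOW_RULES[asset_type])

def audit(activity):
    """Flag views of hidden asset types and say which control failed."""
    findings = []
    for user, asset, asset_type in activity:
        if asset_type not in EXCLUDE_RULES:
            continue
        if not can_view_deny_model(user, asset_type):
            findings.append((user, asset, "rule not enforced"))
        elif not can_view_allow_model(user, asset_type):
            findings.append((user, asset, "missed by exclusion groups"))
    return findings

if __name__ == "__main__":
    for finding in audit(ACTIVITY):
        print(finding)
```

The second finding class only shows up because the audit also compares each view against an explicit allow list; checking the exclusion groups alone would never notice the user who fell through them.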