Since data access permissions are all controlled by the search heads, giving multiple groups admin on their own search heads will let them access any indexes. They will also have the capability to delete for any indexes... even if you don't give this to them explicitly, if they have admin permissions they can give themselves delete permissions and potentially delete data in other indexes that they shouldn't be touching. You also generally don't want users creating their own local indexes on the search heads since your search heads would generally forward to the indexer cluster and that is where the indexes would need to be defined anyway.
You'll also want to consider the number of groups you have relative to the size of your indexer cluster. If you have too many search heads for the number of indexers that you have, you might hit some performance problems. Since it's the search heads that manage the scheduling and those search heads aren't aware of one another, the indexers would be getting hit with multiple schedulers and might become less responsive to searches overall.
Unless you're running ES, at which point you'll need a separate search head anyway, you should look at creating different roles for each group and then permission the apps based on those roles to effectively segregate the users. If there's an app that multiple groups want to use, you could have different roles that access that app and only let them share content within the same role. This way you're only managing permissions in one place and if one set of users develops something useful that can be leveraged by others, all you need to do is permission their content differently to let others leverage it rather than coping it between environments.
... View more