I think the best way to do this would be to have all your ADMIN users in a group. Then grant permissions to that group when creating DataSource/updating permissions.
Alternatively, you could grab all your ADMIN Arns and use them for your permissions. This would not stay current which is why a group would work better.
Given current limitations (no UI groups, no permission rules). I would automate adding admin users to the group. For example, lambda function that lists all the users with admin roles and adds them to the admin group. You could use something like EventBridge for the trigger.
However, it is still not a perfect answer, since the solution requires workarounds, and is especially cumbersome in the multi-tenant environment. Because now I need to create separate groups in each namespace, and then grant the said group permission for each dataset. There is no declarative way to do this, so this can be error prone.
My apologies. I am still unclear on the problem and ask here. Do you want to assign permissions by role (admin, author, readers)? What is the use case?
While we plan to add a concept of a ‘super admin’ to the product, this article will grant those permissions to a given user/group: Enable full object access for admin