Hi,
I strongly advise against satellites with local IDO and web interfaces. While technically that’s possible, it doubles up the maintenance burden.
The thing you can do with the current feature set, is to put all these hosts into specific host groups for instance, and then adjust the permissions in Icinga Web roles. Whenever users from an assigned role (zone) log in, they only see their hosts. This is typically called RBAC if you google for it.
Another idea would be to assign custom variables to these hosts, and build the permission filters based on this in Icinga Web.
This solution allows you as the admin role to see everything, and to also troubleshooting just one interface with permissions or problems, than for all of the regions. And another thing: Decentralized interfaces also expose a security risk, with also having to manage different (AD) logins and whatnot.
Cheers,
Michael