In a bi-directional ServiceNow A to ServiceNow B ebonding project, both instances have an integration user created with web service access. Currently, this integration user is assigned the ITIL role to facilitate the creation and updating of incidents, request items, problems, and change requests across both instances.

1. ITIL Role Removal Feasibility: Is it possible to successfully implement the ebonding process without assigning the ITIL role to the integration user? If so, what specific security rules need to be defined to ensure that the integration user can still query, create, and update tickets in ServiceNow A without ITIL access, and how can these rules be configured to restrict access strictly to ServiceNow A data?

2. Third-Party Tool Access: If the integration user retains ITIL access, can they utilize Postman or other third-party tools to retrieve, query, update, or create information from any instance, not just ServiceNow Instance A? If yes, what security ACLs should be implemented to restrict the integration user's access to only the necessary data on ServiceNow Instance A, preventing unauthorized access or actions on other instances?

3. Data Access Restriction on ServiceNow Instance B: Is there a way to ensure that even if Integration User A retains the ITIL role, they are restricted from querying or accessing other customers' data within ServiceNow Instance B? What best practices should be followed to enforce this restriction?