@Vinicius Luz1 

To ensure that data from one company is not accessible to users from another company, you can use the "contextual security" feature in ServiceNow. This involves setting up Access Control rules (ACLs) based on the company the user belongs to, so that the API only returns data relevant to the user's company.

Follow these steps to create an Access Control rule:

1. Navigate to "System Security" > "Access Control (ACL)" in your ServiceNow instance.
2. Click "New" to create a new ACL.
3. In the "Type" dropdown, select "Table."
4. In the "Name" field, enter the table name, which is "sn_customerservice_case" in your scenario.
5. In the "Operation" dropdown, select "Read" (you can create additional ACLs for other operations like "Write" and "Delete" if required).
6. Leave the "Requires role" field blank if you want the rule to apply to all users. If you want the rule to apply only to specific roles, enter the required role(s) in this field.
7. In the "Advanced" tab, add a script to restrict access based on the company:

(function executeRule(current, previous /*null when async*/) {

    var userCompany = gs.getUser().getCompanyID(); // Get the current user's company ID

    // Check if the current record's company matches the user's company
    if (current.company == userCompany) {
        return true; // Allow access if the company matches
    } else {
        return false; // Deny access if the company does not match
    }

})(current, previous);

1. Save the ACL.

This Access Control rule will restrict the data returned by the API based on the user's company. When a user from "COMPANY A" accesses the Reporting system, the API will only return data related to "COMPANY A" and not any data from "COMPANY B."

You may need to create additional ACLs for other operations (like "Write" and "Delete") if you want to enforce similar restrictions for those actions as well.