The best practise is to use ACL'S to achieve this, as you can set rules for access control lists (ACLs) restricting access to data by requiring users to pass a set of requirements before they can interact with it. i have provided some references about ACL's and how they work in the KB article below and also a link to our documentation for a heads start:
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB0541355
https://docs.servicenow.com/en-US/bundle/tokyo-platform-administration/page/administer/contextual-se...
Furthermore there is a ServiceNow community link you might also want to review:
https://www.servicenow.com/community/developer-forum/how-can-i-restrict-read-access-to-records-via-a...
