With API 3.12 through DataControl and DataControlRoleValue is possible to give access only to some specific objects.

For instance if we want that the users that belong to the security role testRole can have access only to the documents connected with the business partner with key 20867070 and 22210381, a DataContol object like this has to be posted:

{
    "objectName": "Document",
    "attribute": "businessPartner.key",
    "dataControlRoleValues": [
        {
            "role":  "testRole"
            "valueType": "Long",
            "value": "20867070"
        },
        {
            "role": "testRole",
            "valueType": "Long",
            "value": "22210381"
        }
    ]
}

objectName the Dataloy object that has to be applied the access control
attribute the attribute name to be used to restrict the access
role the security role that will use the access control
value the value to use as filter to restrict data
valueType the type of the value (Integer, String)

Browser not supported