That is a little bit complicated.
The key are the authorization settings of the livestatus.
There are two possible settings for your scenario.
Authorization setting for hosts - strict - you must be contact for a service on a host
and the other one is - loose - contacts for hosts see all services.
How to configure.
CEE - inside WATO - global settings - monitoring core - authorization settings
CRE - you need to modify your livestatus broker module - [Check_mk (english)] OMD and MK_Livestatus service_authorization Variable
Some old post by myself 
Pay attention this option is for the complete system and alle users then ative.
I don’t know if you want this. If you set this option you should also play around with the option inside WATO “user can see all objects”.