Hi Yi Li,
What you can do is, you can enable the owner in the entity properties and then,
in the access rules, you can set the Xpath to Path to Owner for the CompanyUser and other USER.
This way, each company who created their Product can only see their own.
And For the Admin, you can create seperate access rule which does not have this path to owner settings.
Hope it helps!!
The best way is to define access rules using XPATH on entity.
Please refer to: Defining Access Rules Using XPath | Mendix Documentation