I think it's a default value on the CMDB side - i.e. anytime you create a CI, this 'group' permission gets set by default.
In the multi-tenancy model (where the Unrestricted Access is intended to apply - you only need this access control model in the M/T environment) this means is that if you set the access control for a user to Unrestricted Access, this is then checked against the CMDBRowLevelSecurity to see if Unrestricted Access is set and hence you can see/access the CI. Without the UnrestrictedAccess setting enabled for a user, they will only be able to access the CIs that have their company group id(s) in the CMDBRowLevelSecurity field.
If you want to set the CIs to be accessible for a given company user, leave the UnrestrictedAccess there, and add the group id(s) for the company or companies concerned. There is a function in the normalisation engine that may help here (for normalising permissions), but I haven't used it so can't offer much guidance. Take a look at the NE User Guide for details. Also there is a Default Permissions form that when configured, results in all CIs being created with selected company/group values being defaulted into CMDBRowLevelSecurity or CMDBWriteSecurity at CI creation. i.e. it extends the default behaviour of setting Unrestricted Access to also set other selected group codes.
The CMDB documentation discusses this DefaultPermissions concept.