The short answer is that currently, the security rules of one service cannot access data from another service. See this thread for more information (a similar common problem).
If the data you are hoping to provide is user-specific, you can insert custom tokens that contain this data, which can be shared across services (since both services receive the same token).