Lesson 17 / 18
Database-enforced tenant isolation
Tenants are kept apart at the database itself with Postgres row-level security (RLS FORCE), not by app-layer filtering you have to trust. Access is bounded by tenant, so a grant cannot reach across tenants. Key points:
- The boundary is enforced in the database and holds even if application code has a bug.
- This is the most defensible part of the platform's security story; describe it as database-enforced (RLS), never as application filtering.