Row-Level and Column-Level Security

Last Updated: May 3, 2026

Most of the time, access control is simple: can this role read or write this table? GRANT and REVOKE handle that well.

But real applications are messier. Two users can run the same query on the same table and still need different results. A customer should only see their own orders. A salesperson should only see accounts in their region. In a multi-tenant SaaS app, one tenant must never see another tenant’s data.

You could enforce this in the application by adding WHERE user_id = ? everywhere. But that turns every developer into a security checkpoint. Miss it once in a rarely used endpoint, and you have a data leak.

A better approach moves this responsibility into the database, where it cannot be forgotten. That is exactly what row-level security and column-level security provide.

In this chapter, we’ll explore how PostgreSQL’s Row-Level Security (RLS) works, how column-level permissions hide sensitive fields, and how to combine both to build strong multi-tenant isolation in StreamFlow.
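
As a concrete picture of moving the filter out of the application and into the database, here is an added example (not code from this chapter or from StreamFlow) that combines a column-level grant with a row-level policy in PostgreSQL. The `orders` table, its columns, the `app_user` role and the `app.tenant_id` session setting are all assumptions chosen for illustration.

```sql
-- Added example; the orders table, app_user role and app.tenant_id setting are assumptions.
CREATE TABLE orders (
    order_id    bigint GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
    tenant_id   integer NOT NULL,
    customer_id integer NOT NULL,
    total       numeric(10,2) NOT NULL,
    card_last4  text                      -- sensitive column
);

-- Constructed sample rows, loaded before RLS is switched on.
INSERT INTO orders (tenant_id, customer_id, total, card_last4) VALUES
    (1, 101, 19.99, '4242'),
    (1, 102,  5.00, '1111'),
    (2, 201, 42.50, '0005');

CREATE ROLE app_user NOLOGIN;

-- Column-level security: grant only the non-sensitive columns.
-- card_last4 is not listed, so app_user cannot select it at all.
GRANT SELECT (order_id, tenant_id, customer_id, total) ON orders TO app_user;
GRANT INSERT (tenant_id, customer_id, total) ON orders TO app_user;

-- Row-level security: once enabled, rows are hidden unless a policy allows them.
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
ALTER TABLE orders FORCE ROW LEVEL SECURITY;   -- apply policies to the table owner too

-- USING filters the rows a statement can see; WITH CHECK rejects writes
-- that would place a row in another tenant. current_setting() raises an
-- error when app.tenant_id is unset, so a forgotten setting fails closed.
CREATE POLICY tenant_isolation ON orders
    FOR ALL TO app_user
    USING      (tenant_id = current_setting('app.tenant_id')::integer)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::integer);

-- A request handled on behalf of tenant 1: no WHERE clause in the query,
-- the policy supplies the tenant filter.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.tenant_id = '1';
SELECT order_id, customer_id, total FROM orders;
COMMIT;
```

Superusers and roles with the `BYPASSRLS` attribute are not subject to policies, so the application should connect as an ordinary role such as the one assumed here.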
