# PostgreSQL patterns

Row-level security (RLS)
- Require tenant context via app.tenant_id session setting.
- Policies filter by tenant_id on all tenant-scoped tables.
- Admin operations use explicit bypass roles and audited access.

Validating RLS
- Run staging tests that attempt cross-tenant reads and writes.
- Use deterministic replay tests for RLS regressions.

Bitemporal unknowns
- Store current and historical states with valid_from and valid_to.
- Support point-in-time queries and deterministic ordering.

Time-based partitioning
- Partition high-volume tables by time.
- Pre-create future partitions and archive old partitions.
- Use deterministic maintenance checklists for partition health.

Generated columns
- Use generated columns for derived flags and query optimization.
- Add columns via migrations and backfill deterministically.

Troubleshooting
- RLS failures: verify tenant context and policy attachment.
- Partition issues: check missing partitions and default tables.
- Bitemporal queries: confirm valid time windows and index usage.

Related references
- data/postgresql-operations.md
- security/multi-tenancy.md
- docs/operations/postgresql-patterns-runbook.md