# Row-level security

Purpose
- Enforce tenant isolation at the database level with RLS policies.

Strategy
- Apply RLS to tenant-scoped tables and views.
- Require app.tenant_id session setting on every connection.
- Deny access when tenant context is missing.

Policy evaluation
- Policies filter rows by tenant_id and optional scope.
- Admin bypass uses explicit roles with audited access.

Validation
- Run cross-tenant read and write tests in staging.
- Include RLS checks in deterministic replay suites.

Related references
- data/postgresql-patterns.md
- docs/operations/rls-and-data-isolation.md