Row Level Security: Defense in Depth

I wrote a blog post over on my employer's blog about how to use row-level security patterns in Postgres and ClickHouse and I think it's pretty neat. Every company I've worked at has done multitenancy inside of SQL databases, and the approach to prevent cross-user access has basically boiled down to git gud; they've also all had at least one incident where some endpoint forgot to check permissions and you could access other users' data (sometimes just by incrementing an auto-incrementing ID in a URL). This is the first attempt I've seen to comprehensively fix that, so I wrote it up. Enjoy!

