Multi-tenant SaaS on Postgres · the RLS-first playbook

Building multi-tenant SaaS on Postgres? RLS is non-negotiable. Here's the playbook we ship.

Last verified22 April 2026

By Dezső MezőFounder, DField Solutions

ShareX LinkedIn#

Multi-tenant SaaS on Postgres in 2026 means RLS. Application-layer tenant filtering is not enough · one forgotten WHERE clause or LLM-generated SQL query is a cross-tenant data breach. This is our current playbook, refined across 12 multi-tenant SaaS projects.

The non-negotiable setup

Every tenant-aware table has a `tenant_id UUID NOT NULL` column.
`ENABLE ROW LEVEL SECURITY` + `FORCE ROW LEVEL SECURITY` on every such table.
Policies check `tenant_id = NULLIF(current_setting('app.tenant_id', true), '')::uuid`.
Application code uses `SET LOCAL app.tenant_id = $1` inside every transaction.
PgBouncer in transaction-pooling mode · compatible with `SET LOCAL` but not `SET`.

Tenant context helper

import { sql } from 'drizzle-orm';

export async function withTenant<T>(tenantId: string, fn: (tx: Transaction) => Promise<T>): Promise<T> {
  return db.transaction(async (tx) => {
    await tx.execute(sql`SET LOCAL app.tenant_id = ${tenantId}`);
    return fn(tx);
  });
}

5 RLS bypasses we guard against

Forgetting `FORCE` · table owner bypasses policies
Unset `app.tenant_id` · fails open if policy doesn't use NULLIF
Superuser connection · production should never use postgres superuser
SECURITY DEFINER function · bypasses RLS unless explicitly marked INVOKER
`RETURNING *` without a SELECT policy · silent failures

CI-testing tenant isolation

For every migration, CI runs a 'tenant leak' test: create a row as tenant A, switch context to tenant B, try to read · must return zero rows. Do this for every new table. Our base test file is 40 lines and catches 90% of policy bugs.

RLS is defense-in-depth · not your only defense. App-layer filtering + RLS + CI tests together. Any one alone is a ticking incident.

ShareX LinkedIn#

Dezső Mező

Founder, DField Solutions

I've shipped production products from fintech to creator-tooling · for startups and enterprises, from Budapest to San Francisco.

ABOUT →Let's talk →

Keep reading

22 Apr 2026·7 min read

Speculation Rules API in 2026 · near-instant nav, zero JS cost

Speculation Rules makes internal nav feel instant · at zero JS cost. Here is the config we ship by default.

Read

22 Apr 2026·10 min read

Signed-firmware OTA pipeline · the 2026 default we ship

A production OTA pipeline is more than 'push a new .bin'. Here is the signed, staged, rollback-ready version we default to.

Read

22 Apr 2026·11 min read

pgvector at 10M+ rows · index choice, query patterns, real performance numbers

pgvector at 10M rows is not scary · if you pick the right index. HNSW vs IVFFlat, filter patterns, real numbers.

Read

RELATED PROJECTS

AI solutions · Website & online shop · Mobile app (iPhone + Android) · 2026AIHealthIQAI reads your wearable data, spots changes, recommends treatment and lifestyle tweaks.

AI solutions · Website & online shop · 20263D AI PropertyAI-generated 3D properties and interiors, walkable in FPV · with a manual editor and drone view.

AI solutions · Cybersecurity · Website & online shop · 2026Use AI EasilyAn AI firm's website · home of Hungary's first dedicated AI-security practice.

Would rather build together?

Let's talk about your project. 30 minutes, no strings.

Let's talk