Database management system mechanism (fully supported in Postgres) that restricts which rows can be returned, inserted, updated or deleted on a per-user or per-session basis. Enabled per table with ENABLE ROW LEVEL SECURITY and configured via POLICY statements comparing a tenant column against a session parameter (e.g. current_setting('app.current_tenant_id')). Exempted users — super-users, table owners, and roles with BYPASSRLS — must be accounted for; FORCE ROW LEVEL SECURITY subjects even the table owner to the policy. Shifts the application's responsibility from adding tenant WHERE-clauses to setting a single session parameter per request. Fails safely by default: without a tenant set, queries return nothing or error. Caveats: introduces implicit state embedded in the connection, historical (mostly resolved) performance overhead, and the need to reset the session parameter on connection release because Rails connection pooling reuses connections.