levkk 8 days ago

Check this out and let me know what you think: https://pgdog.dev/blog/multi-tenant-pg-can-be-easy

I think there are a few good solutions for multi-tenant safety. We just need ergonomic wrappers at the DB layer to make them easy to use.

grncdr 8 days ago

It’s an interesting idea, but how would such a system handle queries that should cross tenant boundaries? (E.g. system-level reporting)

mdaniel 7 days ago

1. Go around pgcat/pgdog?

2. I have had good luck using pragma comments for that kind of thing: a way to communicate to the infrastructure without the target system seeing it

3. From the "malicious compliance department," I would also accept "include it but in a tautological way" (tenant_id = :ten_id or tenant_id <> :ten_id)

levkk 7 days ago

Echoing the comment below (above), since we can fingerprint queries using the Postgres parser, we can create an allow list and a more fine-grained ruleset.
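A sketch of the allow-list idea from this last comment, as an added example that is not pgdog's code or anything posted in the thread. It assumes a regex normalizer as a stand-in for the Postgres-parser fingerprint, a hypothetical `orders` table, and hypothetical names `normalize`, `fingerprint` and `decide`; it also rejects the tautological tenant filter mentioned above.

```python
import hashlib
import re

def normalize(sql: str) -> str:
    """Crude stand-in (assumption) for a parse-tree fingerprint input."""
    s = re.sub(r"/\*.*?\*/", " ", sql, flags=re.S)   # block comments
    s = re.sub(r"--[^\n]*", " ", s)                  # line comments
    s = re.sub(r"'(?:[^']|'')*'", "?", s)            # string literals
    s = re.sub(r"\$\d+|(?<!:):\w+", "?", s)          # $1 and :name parameters
    s = re.sub(r"\b\d+(?:\.\d+)?\b", "?", s)         # numeric literals
    return re.sub(r"\s+", " ", s).strip().rstrip("; ").lower()

def fingerprint(sql: str) -> str:
    return hashlib.sha256(normalize(sql).encode()).hexdigest()[:16]

# Constructed allow list: one reviewed system-level report that may cross tenants.
ALLOWED_CROSS_TENANT = {
    fingerprint("SELECT tenant_id, count(*) FROM orders GROUP BY tenant_id"),
}

# A tenant predicate only scopes the query if it is an equality not joined by OR.
SCOPED = re.compile(r"\btenant_id\s*=\s*\?")
TAUTOLOGY = re.compile(
    r"\btenant_id\s*(?:<>|!=)"                 # inequality on tenant_id
    r"|\bor\s+\(?\s*tenant_id\b"               # ... OR tenant_id ...
    r"|\btenant_id\s*=\s*\?\s*\)?\s*or\b"      # tenant_id = ? OR ...
)

def decide(sql: str) -> str:
    """Return the proxy's verdict for one statement."""
    if fingerprint(sql) in ALLOWED_CROSS_TENANT:
        return "allow:cross-tenant"
    norm = normalize(sql)
    if TAUTOLOGY.search(norm):
        return "deny:tautology"
    if SCOPED.search(norm):
        return "allow:scoped"
    return "deny:unscoped"

if __name__ == "__main__":
    for q in (
        "SELECT * FROM orders WHERE tenant_id = :ten_id AND id = 42",
        "SELECT * FROM orders WHERE (tenant_id = :ten_id OR tenant_id <> :ten_id)",
        "select tenant_id,  COUNT(*)\nFROM orders GROUP BY tenant_id;",
        "SELECT * FROM orders -- tenant_id = 1",
    ):
        print(decide(q), "|", q.replace("\n", " "))
```

A regex normalizer misjudges nested comments, dollar-quoted strings and quoted identifiers, which is why the comment above relies on the real parser.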