Row-Level Security

Asiri runs Postgres with row-level security (RLS) enabled on every tenant-scoped table. Each incoming request sets a workspace_id session variable — derived from the authenticated API key or user — and our RLS policies clamp every SELECT, INSERT, UPDATE, and DELETE to rows whose workspace_id matches. This means tenant isolation is a property of the database, not of careful application code: an application bug that forgets a WHERE workspace_id = ? clause cannot leak data, because the database itself rejects the query.
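
The mechanism described above in plain Postgres, as an added example that is not Asiri's schema or policy DSL. The table `documents`, the role `app_user`, the setting name `app.workspace_id` and the UUIDs are assumptions made up for illustration.

```sql
-- Added example: all object names and UUIDs below are constructed, not Asiri's.
CREATE ROLE app_user NOLOGIN;  -- ordinary role: not superuser, no BYPASSRLS

CREATE TABLE documents (
    id           bigserial PRIMARY KEY,
    workspace_id uuid NOT NULL,
    title        text NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON documents TO app_user;
GRANT USAGE ON SEQUENCE documents_id_seq TO app_user;

ALTER TABLE documents ENABLE ROW LEVEL SECURITY;
ALTER TABLE documents FORCE ROW LEVEL SECURITY;  -- table owner is subject to policies too

-- USING filters rows that can be read, updated or deleted;
-- WITH CHECK validates rows being inserted or produced by an update.
-- An unset or empty setting becomes NULL, so the predicate is never true (fail closed).
CREATE POLICY tenant_isolation ON documents
    USING      (workspace_id = NULLIF(current_setting('app.workspace_id', true), '')::uuid)
    WITH CHECK (workspace_id = NULLIF(current_setting('app.workspace_id', true), '')::uuid);

-- Request authenticated as tenant A: bind the workspace for this transaction only.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.workspace_id', '11111111-1111-1111-1111-111111111111', true);
INSERT INTO documents (workspace_id, title)
VALUES ('11111111-1111-1111-1111-111111111111', 'tenant A roadmap');
COMMIT;

-- Request authenticated as tenant B, with the application bug: no WHERE clause.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.workspace_id', '22222222-2222-2222-2222-222222222222', true);
SELECT id, title FROM documents;         -- policy hides tenant A's row
UPDATE documents SET title = 'defaced';  -- matches no visible rows, changes nothing
INSERT INTO documents (workspace_id, title)
VALUES ('11111111-1111-1111-1111-111111111111', 'cross-tenant write');  -- fails WITH CHECK
ROLLBACK;

-- Request that never set the variable: the predicate is NULL, so no rows are visible.
BEGIN;
SET LOCAL ROLE app_user;
SELECT count(*) FROM documents;
ROLLBACK;
```

Superusers and roles with `BYPASSRLS` are never subject to policies, so the guarantee holds only when the application connects as an ordinary role. Passing `true` as the third argument of `set_config` scopes the value to the transaction, which keeps one request's workspace from carrying over to the next on a pooled connection.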

The policy DSL, migration story, and CI test strategy are captured in the Compliance Ontology architecture decision.