(This might be more of a discussion than a question)
What’s the current gold standard for enforcing tenant isolation with Ecto when using a tenant id?
The docs have this guidance, which is good general advice not linked specifically to any database. I’m building on PostgreSQL, and I believe the gold standard would be to use row-level security, which offers some additional guarantees. It’s just a little bit more of a fiddle to set up, so I’m wondering if it’s worth the effort.
Has anyone gone with RLS instead of prepare_query (from docs), or another route? Keen to hear thoughts on what’s working well.






















