Bad solution. I don't want to create separate postgresql users for each restriction. It should be based on a context variable or something similar, but not on postgresql users.
Most PostGraphile projects have two or three PostgreSQL roles total, and that can support millions of application users. This is such a common misconception that we created an infosheet about it: https://learn.graphile.org/docs/PostgreSQL_Row_Level_Securit...
IIRC, it can indeed work like that. See Postgraphile and maybe Hasura, on how they handle it. I'm fairly certain it doesn't _need_ to be Postgres users.