|
|
|
|
|
|
by gwen-shapira
1426 days ago
|
|
|
The blog explicitly said that if the requirements involve actual authorization models (beyond simple tenancy) then RLS is not the best fit (see: https://thenile.dev/blog/multi-tenant-rls#if-you-have-sophis...). I think this covers both the complexity aspect and the difference between what you get from RLS and what external authz brings to the table (schema, for example). I do think that RLS is a great way for a company without authz experts to built a multi-tenant MVP safely. I've yet to see a single pre-PMF company that worries about authorization beyond that, this is a series-B concern in my experience. |
|
|