Row-Level Security, or RLS, is a database mechanism that controls which rows a given user is allowed to see or modify, enforcing access rules at the level of individual records rather than whole tables. A query automatically returns only the rows the requesting user is permitted to access, with the restriction applied by the database itself.
In multi-tenant vector systems built on databases that support RLS — such as PostgreSQL with pgvector — it provides a way to enforce tenant isolation. By tagging each vector’s row with a tenant identifier and defining a security policy, the database guarantees that a tenant’s queries can only ever touch their own rows, even within a shared table. The isolation is enforced centrally, reducing the risk of an application bug leaking data across tenants.
RLS is a form of logical isolation: tenants share the same table and infrastructure, with separation enforced by policy rather than by dedicated resources. It is efficient and convenient for serving many tenants, but, like other logical approaches, it does not by itself prevent noisy-neighbour performance effects, which require additional measures such as sharding or physical isolation.