🚀 New blog post + django-rls-tenants 1.1.0 is out!
TL;DR: PostgreSQL RLS policies can't use your indexes because current_setting() isn't leakproof. The query planner falls back to sequential scans and applies tenant filtering row-by-row. On large tables, this hurts.
v1.1 fixes this by adding automatic ORM-level WHERE tenant_id = X alongside RLS - so Postgres uses your composite indexes for the fast path while RLS still enforces isolation as a safety net.
Also in this release:
→ select_related() now propagates tenant filters across joins
→ threading.local replaced with contextvars (ASGI-safe)
→ Superuser detection at startup (RLS is silently bypassed otherwise!)
→ Better exception handling in middleware
→ CASE WHEN policy rewrite for cleaner evaluation
Full write-up: https://dev.to/dvoraj75/postgresql-rls-is-fail-closed-but-is-it-fast-making-django-rls-tenants-index-friendly-2j18
GitHub: https://github.com/dvoraj75/django-rls-tenants
#Django #PostgreSQL #Python #MultiTenancy #RLS #OpenSource

🚀 Day 1 on django-rls-tenants — bringing true PostgreSQL Row-Level Security to Django multitenancy!
Instead of separate schemas or filtered querysets, this library leverages native RLS policies at the DB level to isolate tenant data automatically.
✅ Pros:
• True DB-level isolation — tenants can't bleed into each other
• Transparent to Django ORM — no custom managers needed
• Leaner than schema-per-tenant approaches
• Scales well for high tenant counts
• Security enforced even outside the app layer
❌ Cons:
• PostgreSQL-only (no MySQL/SQLite support)
• RLS policies add complexity to migrations
• Debugging cross-tenant issues can be tricky
• Superuser connections bypass RLS — needs care
• Less community tooling than shared-schema approaches
Still very early, but the foundations are solid. Would love feedback from anyone who's tackled multitenancy in Django before! 🐘🐍
#Django #PostgreSQL #Python #Multitenancy #RLS #RowLevelSecurity #OpenSource #WebDev #SaaS #DjangoORM #DevLife
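
Both posts note that superuser connections bypass RLS. The following is an added example, not code from django-rls-tenants, of a startup check that reports why the connected PostgreSQL role would skip policies: SUPERUSER, BYPASSRLS, RLS not enabled, or table ownership without FORCE ROW LEVEL SECURITY. The function name, the `FakeCursor` stub and the `app_invoice` table name are assumptions made for illustration; in Django the cursor would come from `connection.cursor()`.

```python
# Added example (not django-rls-tenants code): why would this role bypass RLS?
ROLE_SQL = "SELECT rolsuper, rolbypassrls FROM pg_roles WHERE rolname = current_user"
TABLE_SQL = (
    "SELECT c.relrowsecurity, c.relforcerowsecurity, "
    "pg_get_userbyid(c.relowner) = current_user "
    "FROM pg_class c WHERE c.oid = to_regclass(%s)"
)


def rls_bypass_reasons(cursor, tables):
    """Return a list of findings; an empty list means policies apply to this role."""
    reasons = []
    cursor.execute(ROLE_SQL)
    row = cursor.fetchone()
    if row is None:
        return ["current role not found in pg_roles"]
    rolsuper, rolbypassrls = row
    if rolsuper:
        reasons.append("role is SUPERUSER, policies are never applied")
    if rolbypassrls:
        reasons.append("role has BYPASSRLS, policies are never applied")
    for table in tables:
        cursor.execute(TABLE_SQL, [table])
        row = cursor.fetchone()
        if row is None:  # to_regclass() returned NULL, so no row matched
            reasons.append(f"{table}: table not found")
            continue
        enabled, forced, is_owner = row
        if not enabled:
            reasons.append(f"{table}: row level security is not enabled")
        elif is_owner and not forced:
            # Table owners skip policies unless FORCE ROW LEVEL SECURITY is set.
            reasons.append(f"{table}: role owns the table without FORCE ROW LEVEL SECURITY")
    return reasons


class FakeCursor:
    """Constructed stand-in for a DB-API cursor so the example runs offline."""

    def __init__(self, role_row, table_rows):
        self.role_row, self.table_rows, self._next = role_row, table_rows, None

    def execute(self, sql, params=None):
        self._next = self.table_rows.get(params[0]) if params else self.role_row

    def fetchone(self):
        return self._next


if __name__ == "__main__":
    cur = FakeCursor((False, False), {"app_invoice": (True, False, True)})
    for reason in rls_bypass_reasons(cur, ["app_invoice"]):
        print("RLS check:", reason)
```

Failing application startup when the returned list is non-empty turns a silent bypass into a visible deployment error.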