
Is Postgres RLS for Everything and Everyone?

Blog post from Neon

Post Details
Company: Neon
Date Published:
Author: David Gomes
Word Count: 1,186
Language: English
Hacker News Points: -
Summary

The post argues that Postgres Row-Level Security (RLS) is a strong tool for one job, preventing cross-tenant data access in a multi-tenant application, but a poor fit for expressing an application's entire authorization model. The reasons it gives: policy syntax is dense, a policy whose predicate reads the table it protects (directly or through another table's policy) fails at query time with infinite recursion, and policies are hard to test in isolation. It describes how Neon RLS is integrated into the Neon Data API, and recommends a higher-level authorization framework such as CASL for complex data models, with RLS kept for the essential checks. It also stresses structuring policy predicates so that the Postgres planner can optimize them, which avoids both slow queries and common policy errors, and closes by recommending a hybrid approach: RLS for tenant isolation, an application-side framework for the rest.
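The three points the summary names, tenant isolation, the infinite-recursion pitfall, and writing a predicate the planner can optimize, as a runnable Postgres example. This is an added illustration, not code from the Neon post or the Neon product; the schema, the `app_user` role, the `app.org_id` / `app.user_id` session settings and the `my_org_ids()` helper are all assumed for the example.

```sql
-- Added example (not from the Neon post). Run as the role that will own the
-- tables; app_user is the role the application connects as.
begin;

create role app_user nologin;

create table organizations (
  id   bigint generated always as identity primary key,
  name text not null
);

create table memberships (
  org_id  bigint not null references organizations(id),
  user_id uuid   not null,
  primary key (org_id, user_id)
);

create table documents (
  id     bigint generated always as identity primary key,
  org_id bigint not null references organizations(id),
  body   text not null
);
create index documents_org_id_idx on documents (org_id);

alter table memberships enable row level security;
alter table documents   enable row level security;
grant select on organizations, memberships, documents to app_user;

-- 1. Tenant isolation with a predicate the planner can use.
-- The app sets app.org_id per request after authenticating the caller
-- (the CASL-style check lives in the application; RLS is the backstop).
-- missing_ok = true makes current_setting() return NULL instead of raising
-- when the setting is absent, so an unauthenticated session sees no rows.
-- Wrapping the call in (select ...) turns it into an InitPlan evaluated once
-- per statement, and "org_id = $0" is a plain indexable comparison.
create policy documents_tenant on documents
  for select to app_user
  using (org_id = (select current_setting('app.org_id', true)::bigint));

-- 2. PITFALL: a policy on memberships that reads memberships again.
-- CREATE POLICY succeeds; the first SELECT under app_user fails with
-- "infinite recursion detected in policy for relation memberships",
-- because the policy is applied to its own inner query.
create policy memberships_self_referential on memberships
  for select to app_user
  using (org_id in (select m.org_id from memberships m
                    where m.user_id = current_setting('app.user_id', true)::uuid));
drop policy memberships_self_referential on memberships;

-- FIX: do the lookup in a SECURITY DEFINER function owned by the table
-- owner. The owner is not subject to RLS (FORCE ROW LEVEL SECURITY is not
-- set here), so the inner query no longer re-enters the policy. STABLE
-- lets the planner evaluate it once per statement; the pinned search_path
-- keeps a caller from shadowing objects the function references.
create function my_org_ids() returns setof bigint
language sql stable security definer
set search_path = pg_catalog, public
as $$
  select org_id from memberships
  where user_id = current_setting('app.user_id', true)::uuid
$$;
revoke all on function my_org_ids() from public;
grant execute on function my_org_ids() to app_user;

create policy memberships_read on memberships
  for select to app_user
  using (org_id in (select my_org_ids()));

-- 3. Check: per-request session state, then queries under the app role.
set local app.user_id = '00000000-0000-0000-0000-000000000001';
set local app.org_id  = '1';
set local role app_user;
select id, org_id from documents;        -- only rows with org_id = 1
select org_id from memberships;          -- the caller's own memberships, no recursion error
explain select id from documents;        -- expect a scan using documents_org_id_idx with org_id = $0
reset role;

rollback;  -- replace with commit to keep the objects
```

Caveat a practitioner will hit: if you later add `alter table memberships force row level security` so that the owner is also policed, the SECURITY DEFINER function is policed too and the recursion returns; the usual remedy is to have a separate role own the helper function, or to route membership lookups through a table that has no policy.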