RLS can can restrict per-tenant database user to access tenant-owned rows and prevent accidental cross-tenant information sharing. Alternatively, RLS can allow the same database user, but require setting a session variable like app.current_tenant_id. Public information can then be exposed through views, which typically bypasses RLS and does not require a specific tenant to read (e.g. look up domain to tenant mapping). Under both approaches to multi-tenancy, every table needs a tenant_user or tenant_id column.