Hi Stephen,
By using Security Barrier we had a huge impact on performance , it was not considering proper indexes and was doing some filtration with respect to that User on top of other filtration. So we didn't choose to add a security barrier with each view we created.
Similar issue we had with ROW level security enabling, tables were always going for Sequential Scan, when policies were imposed on rows.
From an implementation perspective, I thought I asked questions from bottom to top.
From a Development perspective we are moving our already multi-tenant system (achieved at database level with views) to SaaS implementation . In SaaS we have tried to achieve isolation to bit extend , but now we wanted to have encryption for multiple tenants .
So as over from all these discussions best would be to achieve encryption at application level only.
But not sure how we can Limit access of DBA's across tenants. We dont want DBA's of one customer accessing or viewing data to another customer. Or Overall DBA's shouldn't be able to access sensitive data from database.
We are mostly looking over Insider Thread... Application Server Compromise..DB server Compromise.