I'm working on setting up a multi-tenant app. Every table in my database has a 'companies_id' column so that I can associate any data in my application back to the actual tenant. I understand how multi tenant security can be implemented when you do a Query All function and can use the Auth Information
Example: Querying the entire Division database
What I'm struggling to understand is how this same level of security can be applied when I'm just for example fetching a single row from a database, not executing a larger query.
Example: Querying the division database for a single row. Here I cannot specific the 'companies_id' filter to ensure the user requesting the row has access to the row.
This also extends to other functions such as delete, once again no ability to filter for tenancy on delete...
What exactly is the right way to go about doing this in these different scenarios I've mentioned?