When using Row-Level Security, what is the primary purpose of the security predicate?

Row visibility is controlled by a security predicate that acts as a per-row filter. In Row-Level Security, a policy attaches a boolean expression—the predicate—that is evaluated for every row when a user runs a query. If the expression evaluates to true, the row is returned to that user; if it evaluates to false, the row is hidden from them. This lets you tailor access using who the user is, their roles, or session context, so different users may see different subsets of the same table. The predicate is not about encryption, logging, or authenticating users—those are separate security concerns. It enables fine-grained access control, especially useful in multi-tenant environments or when enforcing least-privilege data visibility. For example, a predicate might restrict rows to those belonging to the user’s region or department, ensuring each user only sees relevant data.