How does tenant isolation work on a shared database?

Attach a row-level WHERE filter to the credential, such as tenant_id = X. PgBeam appends it to every read at the wire, so a credential for one tenant cannot read another's rows.

Can the copilot issue a refund on its own?

Only if you let it. Keep the credential read-only for live data and route proposed writes through human approval. Auto-approve rules can clear small, safe edits automatically.

Can I prove to a customer what the copilot did?

Yes. The audit trail records every statement with its decision and reason, and exports to CSV. Filter by credential and decision to show exactly what was read and proposed.

Use case

Safe Postgres for customer-support copilots

Give a support copilot scoped, tenant-isolated, read access to live order and ticket data, with PII masked and every proposed write held for human approval. Enforced in the wire protocol, audited end to end.

Get Started Read the docs

A support copilot reads live customer data to draft replies and propose actions. On a shared multi-tenant database that means two risks: the copilot for one tenant reading another's data, and customer PII flowing into the model. PgBeam handles both at the wire, and holds every proposed write for a human, so the copilot can draft a refund but never issue one unattended.

Tenant isolation without trusting the prompt

Attach a row-level WHERE filter to the credential so every read is automatically scoped to one tenant. The copilot for support-org A cannot read support-org B's orders, even on the same shared table, and you never depend on the model to add a WHERE clause.

Mask customer email and phone with partial or hash masking, so an agent can verify identity without the full value leaking into the model's context.

Reads pass, writes wait for a human

Keep the credential read for live data and route every proposed write, a refund row, a ticket status change, through human approval in the dashboard or Slack. Add auto-approve rules for trivial safe edits so humans are not a bottleneck on noise.

Every row the copilot read and every action it proposed is recorded in the audit trail, exportable as a trust artifact for the support org's own compliance team.

Row-level isolation

A WHERE filter scopes every read to one tenant, applied at the wire.

PII masking

Partial or hash masking on email and phone so raw PII never reaches the model.

Approval-gated writes

Every refund or status change is held for human approval, with auto-approve rules.

Customer-facing audit

Exportable record of every row read and action proposed, as a trust feature.

More ways to use PgBeam

A hosted MCP server for Postgres Give Claude and Cursor safe database access Read-only Postgres for AI agents PII masking for LLM database access Safe Postgres for AI analytics agents Safe Postgres for autonomous workflows

Questions

Give your agent safe Postgres access

Start with a 14-day free trial. No credit card required.

Technical preview. For internal testing only.

Get Started