diff --git a/internal/store/postgres/migrations/000016_create_namespace_table_and_add_namespace_in_tables.down.sql b/internal/store/postgres/migrations/000016_create_namespace_table_and_add_namespace_in_tables.down.sql
new file mode 100644
index 000000000..b3de4e7e6
--- /dev/null
+++ b/internal/store/postgres/migrations/000016_create_namespace_table_and_add_namespace_in_tables.down.sql
@@ -0,0 +1,55 @@
+BEGIN;
+
+-- drop all index we created
+ALTER TABLE resources DROP CONSTRAINT fk_resources_provider_type_urn;
+ALTER TABLE appeals DROP CONSTRAINT fk_appeals_resource;
+ALTER TABLE appeals DROP CONSTRAINT fk_appeals_policy_id_version;
+ALTER TABLE approvals DROP CONSTRAINT fk_approvals_appeal;
+ALTER TABLE approvers DROP CONSTRAINT fk_approvals_approvers;
+ALTER TABLE grants DROP CONSTRAINT fk_grants_resource_id;
+ALTER TABLE grants DROP CONSTRAINT fk_grants_appeal_id;
+ALTER TABLE resources DROP CONSTRAINT fk_resources_parent_id;
+ALTER TABLE activities DROP CONSTRAINT fk_activities_provider_id;
+ALTER TABLE activities DROP CONSTRAINT fk_activities_resource_id
+
+DROP INDEX IF EXISTS activities_provider_activity_provider_idx;
+DROP INDEX IF EXISTS providers_type_urn;
+DROP INDEX IF EXISTS resources_provider_type_provider_urn_type_urn;
+
+-- create at least all unique index back
+
+CREATE UNIQUE INDEX provider_activity_index ON activities(provider_activity_id, provider_id);
+CREATE UNIQUE INDEX provider_index ON providers(type,urn);
+CREATE UNIQUE INDEX resource_index ON resources(provider_type,provider_urn,type,urn);
+
+-- drop all columns we created
+
+DROP INDEX IF EXISTS idx_activities_namespace_id;
+ALTER TABLE activities DROP COLUMN IF EXISTS namespace_id;
+
+DROP INDEX IF EXISTS idx_appeals_namespace_id;
+ALTER TABLE appeals DROP COLUMN IF EXISTS namespace_id;
+
+DROP INDEX IF EXISTS idx_approvals_namespace_id;
+ALTER TABLE approvals DROP COLUMN IF EXISTS namespace_id;
+
+DROP INDEX IF EXISTS idx_audit_logs_namespace_id;
+ALTER TABLE audit_logs DROP COLUMN IF EXISTS namespace_id;
+
+DROP INDEX IF EXISTS idx_grants_namespace_id;
+ALTER TABLE grants DROP COLUMN IF EXISTS namespace_id;
+
+DROP INDEX IF EXISTS idx_policies_namespace_id;
+ALTER TABLE policies DROP COLUMN IF EXISTS namespace_id;
+
+DROP INDEX IF EXISTS idx_providers_namespace_id;
+ALTER TABLE providers DROP COLUMN IF EXISTS namespace_id;
+
+DROP INDEX IF EXISTS 
idx_resources_namespace_id;
+ALTER TABLE resources DROP COLUMN IF EXISTS namespace_id;
+
+----
+
+DROP TABLE IF EXISTS namespaces;
+
+COMMIT;
\ No newline at end of file
diff --git a/internal/store/postgres/migrations/000016_create_namespace_table_and_add_namespace_in_tables.up.sql b/internal/store/postgres/migrations/000016_create_namespace_table_and_add_namespace_in_tables.up.sql
new file mode 100644
index 000000000..659c1613a
--- /dev/null
+++ b/internal/store/postgres/migrations/000016_create_namespace_table_and_add_namespace_in_tables.up.sql
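Review bot: `ALTER TABLE activities DROP CONSTRAINT fk_activities_resource_id` has no terminating semicolon, so it runs into the following `DROP INDEX` and the whole BEGIN/COMMIT block fails with a syntax error — as written this rollback cannot be applied, and the fix is the single character `ALTER TABLE activities DROP CONSTRAINT fk_activities_resource_id;`. Beyond that, the file drops every namespace-scoped foreign key but, as the comment `create at least all unique index back` concedes, restores only the three unique indexes: none of the original constraints the up migration removed (`fk_resources_provider`, `fk_appeals_resource`, `fk_appeals_policy`, `fk_approvals_appeal`, `fk_appeals_approvals`, `fk_approvals_approvers`, `fk_grants_resource`, `fk_grants_appeal`, `fk_resources_parent`, `fk_activities_provider`, `fk_activities_resource`) is recreated, so a rollback leaves appeals, approvals, grants, resources and activities with no referential integrity at all. The pre-migration definitions of those keys are not visible in this diff, so I cannot propose the exact statements, but each should be re-added here with its original column list before the namespace columns are dropped. The header comment would also be more honest as `-- drop the namespace-scoped foreign keys and unique indexes created by the up migration`.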
@@ -0,0 +1,83 @@
+BEGIN;
+
+CREATE EXTENSION IF NOT EXISTS "uuid-ossp";
+CREATE TABLE IF NOT EXISTS namespaces (
+ id uuid DEFAULT gen_random_uuid() PRIMARY KEY,
+ name text UNIQUE NOT NULL,
+ state text,
+ metadata jsonb,
+ created_at timestamp DEFAULT NOW(),
+ updated_at timestamp DEFAULT NOW(),
+ deleted_at timestamp
+ );
+
+ALTER TABLE activities ADD COLUMN IF NOT EXISTS namespace_id uuid NOT NULL DEFAULT uuid_nil();
+CREATE INDEX IF NOT EXISTS idx_activities_namespace_id ON activities(namespace_id);
+
+ALTER TABLE appeals ADD COLUMN IF NOT EXISTS namespace_id uuid NOT NULL DEFAULT uuid_nil();
+CREATE INDEX IF NOT EXISTS idx_appeals_namespace_id ON appeals(namespace_id);
+
+ALTER TABLE approvals ADD COLUMN IF NOT EXISTS namespace_id uuid NOT NULL DEFAULT uuid_nil();
+CREATE INDEX IF NOT EXISTS idx_approvals_namespace_id ON approvals(namespace_id);
+
+ALTER TABLE audit_logs ADD COLUMN IF NOT EXISTS namespace_id uuid NOT NULL DEFAULT uuid_nil();
+CREATE INDEX IF NOT EXISTS idx_audit_logs_namespace_id ON audit_logs(namespace_id);
+
+ALTER TABLE grants ADD COLUMN IF NOT EXISTS namespace_id uuid NOT NULL DEFAULT uuid_nil();
+CREATE INDEX IF NOT EXISTS idx_grants_namespace_id ON grants(namespace_id);
+
+ALTER TABLE policies ADD COLUMN IF NOT EXISTS namespace_id uuid NOT NULL DEFAULT uuid_nil();
+CREATE INDEX IF NOT EXISTS idx_policies_namespace_id ON policies(namespace_id);
+
+ALTER TABLE providers ADD COLUMN IF NOT EXISTS namespace_id uuid NOT NULL DEFAULT uuid_nil();
+CREATE INDEX IF NOT EXISTS idx_providers_namespace_id ON providers(namespace_id);
+
+ALTER TABLE resources ADD COLUMN IF NOT EXISTS namespace_id uuid NOT NULL DEFAULT uuid_nil();
+CREATE INDEX IF NOT EXISTS idx_resources_namespace_id ON resources(namespace_id);
+
+-- drop all unique index/foreign constraints in use
+ALTER TABLE resources DROP CONSTRAINT fk_resources_provider;
+ALTER TABLE appeals DROP CONSTRAINT fk_appeals_resource;
+ALTER TABLE appeals DROP CONSTRAINT fk_appeals_policy;
+ALTER TABLE 
approvals DROP CONSTRAINT fk_approvals_appeal;
+ALTER TABLE approvals DROP CONSTRAINT fk_appeals_approvals;
+ALTER TABLE approvers DROP CONSTRAINT fk_approvals_approvers;
+ALTER TABLE grants DROP CONSTRAINT fk_grants_resource;
+ALTER TABLE grants DROP CONSTRAINT fk_grants_appeal;
+ALTER TABLE resources DROP CONSTRAINT fk_resources_parent;
+ALTER TABLE activities DROP CONSTRAINT fk_activities_provider;
+ALTER TABLE activities DROP CONSTRAINT fk_activities_resource;
+
+DROP INDEX IF EXISTS provider_activity_index
+DROP INDEX IF EXISTS provider_index;
+DROP INDEX IF EXISTS resource_index;
+
+-- include namespace in unique index/foreign constraints
+ALTER TABLE resources
+ ADD CONSTRAINT fk_resources_provider_type_urn FOREIGN KEY (namespace_id,provider_type,provider_urn)
+ REFERENCES providers(namespace_id,type,urn);
+ALTER TABLE appeals
+ ADD CONSTRAINT fk_appeals_resource FOREIGN KEY (namespace_id,resource_id) REFERENCES resources(namespace_id,id);
+ALTER TABLE appeals
+ ADD CONSTRAINT fk_appeals_policy_id_version FOREIGN KEY (namespace_id,policy_id,policy_version) REFERENCES policies(namespace_id,id,version);
+ALTER TABLE approvals
+ ADD CONSTRAINT fk_approvals_appeal FOREIGN KEY (namespace_id,appeal_id) REFERENCES appeals(namespace_id,id);
+ALTER TABLE approvers
+ ADD CONSTRAINT fk_approvals_approvers FOREIGN KEY (namespace_id,approval_id) REFERENCES approvals(namespace_id,id);
+ALTER TABLE grants
+ ADD CONSTRAINT fk_grants_resource_id FOREIGN KEY (namespace_id,resource_id) REFERENCES resources(namespace_id,id);
+ALTER TABLE grants
+ ADD CONSTRAINT fk_grants_appeal_id FOREIGN KEY (namespace_id,appeal_id) REFERENCES appeals(namespace_id,id);
+ALTER TABLE resources
+ ADD CONSTRAINT fk_resources_parent_id FOREIGN KEY (namespace_id,parent_id) REFERENCES resources(namespace_id,id);
+ALTER TABLE activities
+ ADD CONSTRAINT fk_activities_provider_id FOREIGN KEY (namespace_id,provider_id) REFERENCES providers(namespace_id,id);
+ALTER TABLE activities
+ ADD CONSTRAINT 
fk_activities_resource_id FOREIGN KEY (namespace_id,resource_id) REFERENCES resources(namespace_id,id);
+
+CREATE UNIQUE INDEX activities_provider_activity_provider_idx ON activities(namespace_id, provider_activity_id, provider_id);
+CREATE UNIQUE INDEX providers_type_urn ON providers(namespace_id,type,urn);
+CREATE UNIQUE INDEX resources_provider_type_provider_urn_type_urn ON resources(namespace_id,provider_type,provider_urn,type,urn);
+
+
+COMMIT;
\ No newline at end of file
diff --git a/internal/store/postgres/migrations/000017_enable_row_level_security_all_tables.down.sql b/internal/store/postgres/migrations/000017_enable_row_level_security_all_tables.down.sql
new file mode 100644
index 000000000..f6b6b1acb
--- /dev/null
+++ b/internal/store/postgres/migrations/000017_enable_row_level_security_all_tables.down.sql
@@ -0,0 +1,21 @@
+BEGIN;
+
+DROP POLICY IF EXISTS activities_isolation_policy ON activities;
+DROP POLICY IF EXISTS appeals_isolation_policy ON appeals;
+DROP POLICY IF EXISTS approvals_isolation_policy ON approvals;
+DROP POLICY IF EXISTS audit_logs_isolation_policy ON audit_logs;
+DROP POLICY IF EXISTS grants_isolation_policy ON grants;
+DROP POLICY IF EXISTS policies_isolation_policy ON policies;
+DROP POLICY IF EXISTS providers_isolation_policy ON providers;
+DROP POLICY IF EXISTS resources_isolation_policy ON resources;
+
+ALTER TABLE activities DISABLE ROW LEVEL SECURITY;
+ALTER TABLE appeals DISABLE ROW LEVEL SECURITY;
+ALTER TABLE approvals DISABLE ROW LEVEL SECURITY;
+ALTER TABLE audit_logs DISABLE ROW LEVEL SECURITY;
+ALTER TABLE grants DISABLE ROW LEVEL SECURITY;
+ALTER TABLE policies DISABLE ROW LEVEL SECURITY;
+ALTER TABLE providers DISABLE ROW LEVEL SECURITY;
+ALTER TABLE resources DISABLE ROW LEVEL SECURITY;
+
+COMMIT;
\ No newline at end of file
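Review bot: The composite foreign keys are added before the unique indexes that must back them — `fk_resources_provider_type_urn` references `providers(namespace_id,type,urn)` but `providers_type_urn` is only created at the end of the file, and nothing in this migration creates a unique index on `resources(namespace_id,id)`, `appeals(namespace_id,id)`, `approvals(namespace_id,id)` or `policies(namespace_id,id,version)` at all; Postgres rejects an `ADD CONSTRAINT ... FOREIGN KEY` whose referenced columns are not covered by a unique constraint or index, so unless an earlier migration already created those indexes this transaction aborts on the first `ADD CONSTRAINT`. Before it even gets there, `DROP INDEX IF EXISTS provider_activity_index` lacks its semicolon and merges with the next `DROP INDEX`, which is a plain syntax error — `DROP INDEX IF EXISTS provider_activity_index;`. The ordering fix is to move the three `CREATE UNIQUE INDEX` statements (plus new unique indexes on each `(namespace_id,id)` pair that is referenced) above the `-- include namespace in unique index/foreign constraints` block. From a tenant-isolation standpoint, `namespace_id` carries no foreign key to `namespaces(id)` and every pre-existing row is backfilled to `uuid_nil()` with no matching `namespaces` row, so nothing guarantees that a tenant id on a row corresponds to a real namespace; inserting the nil namespace and adding `ALTER TABLE <t> ADD CONSTRAINT fk_<t>_namespace FOREIGN KEY (namespace_id) REFERENCES namespaces(id);` per table would make the tenant column as trustworthy as the RLS policies in 000017 assume it is.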
diff --git a/internal/store/postgres/migrations/000017_enable_row_level_security_all_tables.up.sql b/internal/store/postgres/migrations/000017_enable_row_level_security_all_tables.up.sql
new file mode 100644
index 000000000..2bcac2f05
--- /dev/null
+++ b/internal/store/postgres/migrations/000017_enable_row_level_security_all_tables.up.sql
@@ -0,0 +1,37 @@
+BEGIN;
+
+ALTER TABLE activities ENABLE ROW LEVEL SECURITY;
+ALTER TABLE appeals ENABLE ROW LEVEL SECURITY;
+ALTER TABLE approvals ENABLE ROW LEVEL SECURITY;
+ALTER TABLE audit_logs ENABLE ROW LEVEL SECURITY;
+ALTER TABLE grants ENABLE ROW LEVEL SECURITY;
+ALTER TABLE policies ENABLE ROW LEVEL SECURITY;
+ALTER TABLE providers ENABLE ROW LEVEL SECURITY;
+ALTER TABLE resources ENABLE ROW LEVEL SECURITY;
+
+
+DROP POLICY IF EXISTS activities_isolation_policy ON activities;
+CREATE POLICY activities_isolation_policy on activities USING (namespace_id = current_setting('app.current_tenant')::UUID);
+
+DROP POLICY IF EXISTS appeals_isolation_policy ON appeals;
+CREATE POLICY appeals_isolation_policy on appeals USING (namespace_id = current_setting('app.current_tenant')::UUID);
+
+DROP POLICY IF EXISTS approvals_isolation_policy ON approvals;
+CREATE POLICY approvals_isolation_policy on approvals USING (namespace_id = current_setting('app.current_tenant')::UUID);
+
+DROP POLICY IF EXISTS audit_logs_isolation_policy ON audit_logs;
+CREATE POLICY audit_logs_isolation_policy on audit_logs USING (namespace_id = current_setting('app.current_tenant')::UUID);
+
+DROP POLICY IF EXISTS grants_isolation_policy ON grants;
+CREATE POLICY grants_isolation_policy on grants USING (namespace_id = current_setting('app.current_tenant')::UUID);
+
+DROP POLICY IF EXISTS policies_isolation_policy ON policies;
+CREATE POLICY policies_isolation_policy on policies USING (namespace_id = current_setting('app.current_tenant')::UUID);
+
+DROP POLICY IF EXISTS providers_isolation_policy ON providers;
+CREATE POLICY providers_isolation_policy on providers USING (namespace_id = current_setting('app.current_tenant')::UUID);
+
+DROP POLICY IF EXISTS resources_isolation_policy ON resources;
+CREATE POLICY resources_isolation_policy on resources USING (namespace_id = current_setting('app.current_tenant')::UUID);
+
+COMMIT;
\ No newline at end of file
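Review bot: Row level security is enabled but never forced, and Postgres exempts the table owner (and any superuser) from RLS unless `FORCE ROW LEVEL SECURITY` is set — if the application connects as the role that owns these tables, which is the usual arrangement when one role both runs migrations and serves traffic, every `namespace_id = current_setting('app.current_tenant')::UUID` check is skipped and cross-tenant reads and writes succeed without error. Add `ALTER TABLE <table> FORCE ROW LEVEL SECURITY;` for each of the eight tables next to the corresponding `ENABLE`, or serve traffic from a separate non-owner role that holds only DML grants, and mirror the `NO FORCE` in the down migration. The file should also document the contract for `app.current_tenant`: it has to be set with `SET LOCAL` inside each transaction (a session-level `SET` survives across pooled connections and can hand one tenant's id to the next request), and the `current_setting` call without `missing_ok` raises when the GUC is unset, which is the correct fail-closed behaviour and should be kept rather than replaced by `current_setting('app.current_tenant', true)`. A comment above the first policy such as `-- USING without WITH CHECK also restricts INSERT/UPDATE to rows whose namespace_id matches app.current_tenant; the setting must be SET LOCAL per transaction` would save the next reader a trip to the docs.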