> Correct, but you have yet to mention any other solution where there is more than one boundary at the data access layer. Because there really isn't any.

I have. I gave the example of using RLS where users still provide the token to gain RLS privileges but an app brokers and constraints the connections. I have also given the example of encryption, to which your response is that encryption is hard, which I don't think is true but doesn't really change anything. Encryption is absolutely a data access layer control.