>How could an application which gets written from scratch use PostgreSQL to implement >row based permissions?
Are you looking for this? https://www.postgresql.org/docs/9.6/static/ddl-rowsecurity.html
Regards Daniel