Correct Answer: C

Applying row-level security policies directly in the database, using user roles and session variables to control access, is the most effective method for ensuring users can only access their own data in a multi-tenant application. This approach offers several advantages:

1. Granular Access Control: Row-level security allows for precise control over which rows of data a user can access, based on criteria like their tenant ID.
2. Role-Based Permissions: Assigning roles to users within the database enables detailed permissions management, specifying what data they can view or modify.
3. Dynamic Security Policies: Session variables can dynamically apply security policies based on the current user's context, ensuring data relevance and privacy.
4. Scalability and Efficiency: Direct database implementation is more scalable and efficient than alternatives like separate databases or middleware filtering, simplifying access control management.

This method ensures consistent and secure data access across the application, tailored to each user's permissions and context.