[Q] Multiple customer apps - maintaining data separation - how?

I need security separation between user groups in a Rails application
(i.e. multiple paying customer companies with individual users). Because
the data is privacy critical (accounts data) it is vital that one user
group can't see what is going on in another. But I still want shared
physical infrastructure if I can get away with it.

So what is the accepted standard for implementing this aspect in Rails?

It seems to me that this problem keeps getting solved again and again.
First the operating system has a security mechanism based on users and
groups. So the database ignores that one and implements its own
separation based on its own user database. Then the application ignores
both of these solutions and does its own thing again.

Simplistically you do it in the application and risk a bug giving
access to somebody else's data. Seems a bit dangerous to me.

Beyond that you implement one database user and one database within the
shared DBMS per client company and run up mongrels and a specific URL
locked onto that database. That way you're guaranteed that the customer
separation exists. But that doesn't appear to be easily handled by the
configuration systems.

Has anybody got a good handle on this? It must have been solved dozens
of times by now.
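The application-level approach from the post, with the tenant filter enforced at one choke point so a controller that forgets to scope a query cannot leak another company's rows. This is an added example, not the poster's code and not a Rails library; it is plain Ruby with an in-memory table standing in for an ActiveRecord model, and `Current`, `Invoice` and `company_id` are assumed names.

```ruby
# Added example (plain Ruby, no Rails). Tenant context is set once per request
# and every read of the model passes through `scoped`, so a missing
# `where(company_id: ...)` in a controller cannot expose another tenant's data.
class TenantMissing < StandardError; end
class CrossTenantAccess < StandardError; end

module Current
  class << self
    attr_accessor :company_id   # nil outside a request; stands in for CurrentAttributes

    # Run the block with the tenant set, restoring the previous value afterwards.
    def with_company(id)
      prev = company_id
      self.company_id = id
      yield
    ensure
      self.company_id = prev
    end
  end
end

class Invoice
  Row = Struct.new(:id, :company_id, :amount)
  # Constructed sample data: two companies sharing one table.
  TABLE = [Row.new(1, 100, 50), Row.new(2, 200, 75), Row.new(3, 100, 20)].freeze

  # Single choke point: no tenant in context is an error, never "return everything".
  def self.scoped
    cid = Current.company_id
    raise TenantMissing, 'no tenant in context' if cid.nil?
    TABLE.select { |r| r.company_id == cid }
  end

  def self.all
    scoped
  end

  # find by id is scoped too, so guessing another tenant's id yields an error, not a row.
  def self.find(id)
    scoped.find { |r| r.id == id } or
      raise CrossTenantAccess, "invoice #{id} not visible to company #{Current.company_id}"
  end
end

def visible_invoice_ids(company_id)
  Current.with_company(company_id) { Invoice.all.map(&:id) }
end

def cross_tenant_lookup_blocked?(company_id, invoice_id)
  Current.with_company(company_id) { Invoice.find(invoice_id) }
  false
rescue CrossTenantAccess
  true
end
```

In a real Rails app the same shape is a `default_scope` (or a per-request relation) keyed off a `CurrentAttributes` tenant, plus a test that asserts unscoped access raises rather than returns rows.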