diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml
index ac39c639ed..f75f69e86f 100644
--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@@ -11042,8 +11042,12 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
User mapping specific options, as keyword=value>
- strings, if the current user is the owner of the foreign
- server, else null
+ strings. This column will show as null
+ unless the current user is the user being mapped, or the mapping
+ is for PUBLIC and the current user is the
+ server owner, or the current user is a superuser. The intent is
+ to protect password information stored as user mapping
+ option.
diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql
index d357c8b8fd..43fe44fbe9 100644
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -920,10 +920,11 @@ CREATE VIEW pg_user_mappings AS
ELSE
A.rolname
END AS usename,
- CASE WHEN pg_has_role(S.srvowner, 'USAGE') OR has_server_privilege(S.oid, 'USAGE') THEN
- U.umoptions
- ELSE
- NULL
+ CASE
+ WHEN U.umuser <> 0::oid AND A.rolname = "current_user"() OR U.umuser = 0::oid AND pg_has_role(S.srvowner::name, 'USAGE'::text) OR ( SELECT pg_authid.rolsuper
+ FROM pg_authid
+ WHERE pg_authid.rolname = "current_user"()) THEN U.umoptions
+ ELSE NULL::text[]
END AS umoptions
FROM pg_user_mapping U
JOIN pg_foreign_server S ON (U.umserver = S.oid)