diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml index ac39c639ed..f75f69e86f 100644 --- a/doc/src/sgml/catalogs.sgml +++ b/doc/src/sgml/catalogs.sgml @@ -11042,8 +11042,12 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx User mapping specific options, as keyword=value - strings, if the current user is the owner of the foreign - server, else null + strings. This column will show as null + unless the current user is the user being mapped, or the mapping + is for PUBLIC and the current user is the + server owner, or the current user is a superuser. The intent is + to protect password information stored as user mapping + option. diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql index d357c8b8fd..43fe44fbe9 100644 --- a/src/backend/catalog/system_views.sql +++ b/src/backend/catalog/system_views.sql @@ -920,10 +920,11 @@ CREATE VIEW pg_user_mappings AS ELSE A.rolname END AS usename, - CASE WHEN pg_has_role(S.srvowner, 'USAGE') OR has_server_privilege(S.oid, 'USAGE') THEN - U.umoptions - ELSE - NULL + CASE + WHEN U.umuser <> 0::oid AND A.rolname = "current_user"() OR U.umuser = 0::oid AND pg_has_role(S.srvowner::name, 'USAGE'::text) OR ( SELECT pg_authid.rolsuper + FROM pg_authid + WHERE pg_authid.rolname = "current_user"()) THEN U.umoptions + ELSE NULL::text[] END AS umoptions FROM pg_user_mapping U JOIN pg_foreign_server S ON (U.umserver = S.oid)