diff --git a/doc/src/sgml/catalogs.sgml b/doc/src/sgml/catalogs.sgml
index ac39c639ed..f75f69e86f 100644
--- a/doc/src/sgml/catalogs.sgml
+++ b/doc/src/sgml/catalogs.sgml
@@ -11042,8 +11042,12 @@ SELECT * FROM pg_locks pl LEFT JOIN pg_prepared_xacts ppx
       <entry></entry>
       <entry>
        User mapping specific options, as <quote>keyword=value</>
-       strings, if the current user is the owner of the foreign
-       server, else null
+       strings.  This column will show as null
+      unless the current user is the user being mapped, or the mapping
+      is for <literal>PUBLIC</literal> and the current user is the
+      server owner, or the current user is a superuser.  The intent is
+      to protect password information stored as user mapping
+      option.
       </entry>
      </row>
     </tbody>
diff --git a/src/backend/catalog/system_views.sql b/src/backend/catalog/system_views.sql
index d357c8b8fd..43fe44fbe9 100644
--- a/src/backend/catalog/system_views.sql
+++ b/src/backend/catalog/system_views.sql
@@ -920,10 +920,11 @@ CREATE VIEW pg_user_mappings AS
         ELSE
             A.rolname
         END AS usename,
-        CASE WHEN pg_has_role(S.srvowner, 'USAGE') OR has_server_privilege(S.oid, 'USAGE') THEN
-            U.umoptions
-        ELSE
-            NULL
+        CASE
+            WHEN U.umuser <> 0::oid AND A.rolname = "current_user"() OR U.umuser = 0::oid AND pg_has_role(S.srvowner::name, 'USAGE'::text) OR ( SELECT pg_authid.rolsuper
+               FROM pg_authid
+              WHERE pg_authid.rolname = "current_user"()) THEN U.umoptions
+            ELSE NULL::text[]
         END AS umoptions
     FROM pg_user_mapping U
         JOIN pg_foreign_server S ON (U.umserver = S.oid)