Peter Eisentraut <peter_e@gmx.net> writes:
> I think the proper way to handle it might be to introduce a new
> privilege type -- call it SELECT if you like -- that determines
> specifically whether you can *see* the options of a foreign-data
> wrapper, foreign server, or user mapping, respectively. As opposed to
> USAGE, which means you can use the object for connecting (in the
> future). This might have other uses: The owner of a server might want
> to hide the host name, but still let you connect.
How would you implement/enforce that, in the absence of row-level
security on the catalogs involved?
regards, tom lane