As it stands, and for the likely foreseeable future, we do not implement access control for the structure of a workspace. That is to say, the fact that db X has a relationship to db Y is not considered protected information.
Of course, there is the possibility that we would implement UI functionality that limits which relations are visible to any given user, but it would not be a strict access control mechanism (it would not stop a user querying the schema via API for example).
I suspect your use case is more covered by this
and the topic linked in that discussion.
I expect that will be delivered in Jan or Feb next year 