pg_shadow contains information about database users. The name stems from the fact that this table should not be readable by the public since it contains passwords. pg_user is a publicly readable view on pg_shadow that blanks out the password field.
The Administrator's Guide contains detailed information about user and permission management.
Because user identities are cluster-wide, pg_shadow is shared across all databases of a cluster: there is only one copy of pg_shadow per cluster, not one per database.
Table 3-18. pg_shadow Columns
| Name | Type | References | Description |
|---|---|---|---|
| usename | name | User name | |
| usesysid | int4 | User id (arbitrary number used to reference this user) | |
| usecreatedb | bool | User may create databases | |
| usetrace | bool | not used | |
| usesuper | bool | User is a superuser | |
| usecatupd | bool | User may update system catalogs. (Even a superuser may not do this unless this attribute is true.) | |
| passwd | text | Password | |
| valuntil | abstime | Account expiry time (only used for password authentication) |