pg_shadow contains information about database users. The name stems from the fact that this table should not be readable by the public since it contains passwords. pg_user is a publicly readable view on pg_shadow that blanks out the password field.
The Administrator's Guide contains detailed information about user and permission management.
Because user identities are cluster-wide, pg_shadow is shared across all databases of a cluster: there is only one copy of pg_shadow per cluster, not one per database.
Table 3-26. pg_shadow Columns
Name | Type | References | Description |
---|---|---|---|
usename | name | User name | |
usesysid | int4 | User id (arbitrary number used to reference this user) | |
usecreatedb | bool | User may create databases | |
usesuper | bool | User is a superuser | |
usecatupd | bool | User may update system catalogs. (Even a superuser may not do this unless this attribute is true.) | |
passwd | text | Password | |
valuntil | abstime | Account expiry time (only used for password authentication) | |
useconfig | text[] | Session defaults for run-time configuration variables |