pg_shadow contains information about database users. The name stems from the fact that this table should not be readable by the public since it contains passwords. pg_user is a publicly readable view on pg_shadow that blanks out the password field.
The Administrator's Guide contains detailed information about user and permission management.
Because user identities are cluster-wide, pg_shadow is shared across all databases of a cluster: there is only one copy of pg_shadow per cluster, not one per database.
Table 3-26. pg_shadow Columns
| Name | Type | References | Description |
|---|
| usename | name | | User name |
| usesysid | int4 | | User id (arbitrary number used to reference this user) |
| usecreatedb | bool | | User may create databases |
| usesuper | bool | | User is a superuser |
| usecatupd | bool | | User may update system catalogs. (Even a superuser may not do this unless this attribute is true.) |
| passwd | text | | Password |
| valuntil | abstime | | Account expiry time (only used for password authentication) |
| useconfig | text[] | | Session defaults for run-time configuration variables |
