43.26. pg_shadow

The catalog pg_shadow contains information about database users. The name stems from the fact that this table should not be readable by the public since it contains passwords. pg_user is a publicly readable view on pg_shadow that blanks out the password field.

Chapter 17 contains detailed information about user and privilege management.

Because user identities are cluster-wide, pg_shadow is shared across all databases of a cluster: there is only one copy of pg_shadow per cluster, not one per database.

Table 43-26. pg_shadow Columns

NameTypeReferencesDescription
usenamename User name
usesysidint4 User id (arbitrary number used to reference this user)
usecreatedbbool User may create databases
usesuperbool User is a superuser
usecatupdbool  User may update system catalogs. (Even a superuser may not do this unless this column is true.)
passwdtext Password
valuntilabstime Account expiry time (only used for password authentication)
useconfigtext[] Session defaults for run-time configuration variables