The catalog pg_shadow
contains information about
database users. The name stems from the fact that this table
should not be readable by the public since it contains passwords.
pg_user
is a publicly readable view on
pg_shadow
that blanks out the password field.
Chapter 17, Database Users and Privileges contains detailed information about user and privilege management.
Because user identities are cluster-wide,
pg_shadow
is shared across all databases of a cluster: there is only one
copy of pg_shadow
per cluster, not
one per database.
Table 41.26. pg_shadow
Columns
Name | Type | References | Description |
---|---|---|---|
usename |
name |
User name | |
usesysid |
int4 |
User ID (arbitrary number used to reference this user) | |
usecreatedb |
bool |
User may create databases | |
usesuper |
bool |
User is a superuser | |
usecatupd |
bool |
User may update system catalogs. (Even a superuser may not do this unless this column is true.) | |
passwd |
text |
Password (possibly encrypted) | |
valuntil |
abstime |
Password expiry time (only used for password authentication) | |
useconfig |
text[] |
Session defaults for run-time configuration variables |