# pg_shadow

The view `pg_shadow` shows properties of all roles that are marked as `rolcanlogin` in `pg_authid`.

The name stems from the fact that this table should not be readable by the public since it contains passwords. `pg_user` is a publicly readable view on `pg_shadow` that blanks out the password field.

Table 1. `pg_catalog.pg_shadow`

| Name           | Type          | References                 | Description                                                                          |
|----------------|---------------|----------------------------|--------------------------------------------------------------------------------------|
| `usename`      | `name`        | `pg_authid.rolname`        | User name                                                                            |
| `usesysid`     | `oid`         | `pg_authid.oid`            | ID of this user                                                                      |
| `usecreatedb`  | `bool`        |                            | User may create databases                                                            |
| `usesuper`     | `bool`        |                            | User is a superuser                                                                  |
| `userepl`      | `bool`        | `pg_authid.rolreplication` | User can initiate streaming replication and put the system in and out of backup mode |
| `usebypassrls` | `bool`        | `pg_authid.rolbypassrls`   | User bypasses every row-level security policy                                        |
| `passwd`       | `text`        |                            | Password (possibly encrypted)                                                        |
| `valuntil`     | `timestamptz` |                            | Password expiry time (only used for password authentication)                         |
| `useconfig`    | `text[]`      |                            | Session defaults for run-time configuration variables                                |