{"id":1682,"date":"2025-10-11T14:19:08","date_gmt":"2025-10-11T14:19:08","guid":{"rendered":"https:\/\/virtualall.sk\/?p=1682"},"modified":"2026-01-11T08:57:43","modified_gmt":"2026-01-11T08:57:43","slug":"overenie-pristupu-k-azure-sql","status":"publish","type":"post","link":"https:\/\/virtualall.sk\/en\/2025\/10\/overenie-pristupu-k-azure-sql\/","title":{"rendered":"Azure SQL Access Verification &#8211; Complete Authentication Guide"},"content":{"rendered":"<div style=\"background-color: #e7f3ff; border-left: 4px solid #2196F3; padding: 15px; margin: 20px 0;\">\n<strong>TL;DR &#8211; Quick summary:<\/strong> Azure SQL access verification supports SQL Authentication (login\/password), Entra ID (cloud identity with MFA), OAuth2 tokens, and Hybrid AD. Prefer Entra ID for better security. Use groups instead of individual accounts and store passwords in Azure Key Vault.\n<\/div>\n<div style=\"background-color: #f0f0f0; padding: 15px; margin: 20px 0; border-radius: 5px;\">\n<strong>Quick facts about Azure SQL authentication:<\/strong><\/p>\n<ul>\n<li><strong>Methods:<\/strong> SQL Auth, Entra ID, OAuth2 Token, Hybrid AD<\/li>\n<li><strong>Recommended:<\/strong> Microsoft Entra ID (Azure AD)<\/li>\n<li><strong>Security:<\/strong> MFA, Conditional Access, Audit trail<\/li>\n<li><strong>Password management:<\/strong> Azure Key Vault<\/li>\n<li><strong>Best practice:<\/strong> Groups instead of individual accounts<\/li>\n<li><strong>Compliance:<\/strong> NIS2, ISO 27001<\/li>\n<\/ul>\n<\/div>\n<p><strong>Azure SQL access verification<\/strong> is a critical aspect of securing cloud databases. 
In this article I will show you the different authentication methods for Azure SQL Database and how to implement them correctly.<\/p>\n<p>Correct <strong>Azure SQL access verification<\/strong> is the foundation of a secure cloud infrastructure and of compliance with regulations such as NIS2 and ISO 27001.<\/p>\n<h2>Azure SQL access verification methods<\/h2>\n<p>Azure SQL Database supports several authentication methods:<\/p>\n<ul>\n<li><strong>SQL Authentication<\/strong> \u2013 traditional sign-in with a user name and password<\/li>\n<li><strong>Azure Active Directory (Entra ID)<\/strong> \u2013 modern cloud authentication<\/li>\n<li><strong>Token-based access (OAuth2)<\/strong> \u2013 programmatic access via tokens<\/li>\n<li><strong>Hybrid AD<\/strong> \u2013 on-premises AD via Azure AD Connect<\/li>\n<\/ul>\n<p>More on authentication methods can be found in the <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/azure-sql\/database\/authentication-aad-overview\" target=\"_blank\" rel=\"dofollow noopener\">Microsoft documentation for Azure SQL authentication<\/a>.<\/p>\n<h2>SQL Authentication for Azure SQL access verification<\/h2>\n<p>The traditional method using a login and password:<\/p>\n<pre><code>-- Create a server-level login (run in the master database)\nCREATE LOGIN [app_user] WITH PASSWORD = 'SecurePassword123!';\n\n-- Create the database user (run in the target database)\nCREATE USER [app_user] FOR LOGIN [app_user];\n\n-- Assign permissions\nALTER ROLE db_datareader ADD MEMBER [app_user];\nALTER ROLE db_datawriter ADD MEMBER [app_user];\n<\/code><\/pre>\n<div style=\"background-color: #f8d7da; border-left: 4px solid #dc3545; padding: 15px; margin: 20px 0;\">\n<strong>Warning:<\/strong> Never store passwords in plaintext in production scripts. 
Use Azure Key Vault.\n<\/div>\n<h2>Azure AD (Entra ID) authentication<\/h2>\n<p>A more modern and more secure approach using cloud identities:<\/p>\n<pre><code>-- Create a user from the external provider (Entra ID)\nCREATE USER [user@domain.com] FROM EXTERNAL PROVIDER;\n\n-- Assign permissions\nALTER ROLE db_datareader ADD MEMBER [user@domain.com];\n<\/code><\/pre>\n<h3>Advantages of Entra ID authentication<\/h3>\n<ul>\n<li><strong>MFA support<\/strong> \u2013 multi-factor authentication<\/li>\n<li><strong>Centralized management<\/strong> \u2013 one account for all services<\/li>\n<li><strong>Conditional Access<\/strong> \u2013 conditional access based on location, device<\/li>\n<li><strong>Audit trail<\/strong> \u2013 complete sign-in logs<\/li>\n<\/ul>\n<h2>Token-based access (OAuth2)<\/h2>\n<p>For applications and automated processes:<\/p>\n<pre><code># PowerShell - obtain an access token\n$token = Get-AzAccessToken -ResourceUrl \"https:\/\/database.windows.net\/\"\n\n# Connection string for token-based sign-in (with Active Directory Default the driver acquires the token itself)\n$connectionString = \"Server=tcp:server.database.windows.net;Database=mydb;Authentication=Active Directory Default\"\n<\/code><\/pre>\n<h2>Configuring Entra ID groups<\/h2>\n<p>For efficient permission management, create groups in Entra ID:<\/p>\n<ol>\n<li>In the Azure portal, go to <strong>Entra ID \u2192 Groups<\/strong><\/li>\n<li>Create a new Security group (e.g. 
&#8220;SQL-Readers&#8221;)<\/li>\n<li>Add members to the group<\/li>\n<li>In the SQL database, create a user for the group:<\/li>\n<\/ol>\n<pre><code>CREATE USER [SQL-Readers] FROM EXTERNAL PROVIDER;\nALTER ROLE db_datareader ADD MEMBER [SQL-Readers];\n<\/code><\/pre>\n<h2>Best practices for Azure SQL access verification<\/h2>\n<ul>\n<li><strong>Prefer Entra ID<\/strong> over SQL Authentication<\/li>\n<li><strong>Use groups<\/strong> instead of individual accounts<\/li>\n<li><strong>Implement MFA<\/strong> for all users<\/li>\n<li><strong>Store passwords in Key Vault<\/strong><\/li>\n<li><strong>Regularly audit<\/strong> permissions and access<\/li>\n<li><strong>Use Managed Identity<\/strong> for applications<\/li>\n<\/ul>\n<h2>Summary<\/h2>\n<p><strong>Azure SQL access verification<\/strong> is key to the security of your data. 
Key points:<\/p>\n<ul>\n<li>Entra ID authentication is the preferred method<\/li>\n<li>MFA significantly increases security<\/li>\n<li>Groups simplify permission management<\/li>\n<li>Key Vault protects sensitive data<\/li>\n<\/ul>\n<h2>Frequently asked questions (FAQ)<\/h2>\n<h3>Which authentication methods does Azure SQL Database support?<\/h3>\n<p>Azure SQL supports <strong>SQL Authentication<\/strong> (login\/password), <strong>Microsoft Entra ID<\/strong> (cloud identity), <strong>OAuth2 tokens<\/strong> for applications, and <strong>Hybrid AD<\/strong> via Azure AD Connect for on-premises integration.<\/p>\n<h3>Why is Entra ID better than SQL Authentication?<\/h3>\n<p>Entra ID provides <strong>MFA support<\/strong>, <strong>Conditional Access<\/strong>, <strong>centralized management<\/strong> of identities, and a <strong>complete audit trail<\/strong>. SQL Authentication has only static passwords without advanced security features.<\/p>\n<h3>How do I create an Entra ID user in Azure SQL?<\/h3>\n<p>Use the <strong>CREATE USER [user@domain.com] FROM EXTERNAL PROVIDER<\/strong> command. The user must exist in Entra ID and you must have Azure AD authentication configured on the SQL server.<\/p>\n<h3>What is Azure Key Vault and why use it?<\/h3>\n<p><strong>Azure Key Vault<\/strong> is a service for securely storing sensitive data (passwords, certificates, keys). 
It is used instead of hardcoded passwords in code, which increases security and simplifies credential rotation.<\/p>\n<h3>How do I implement MFA for Azure SQL access?<\/h3>\n<p>MFA is automatically available when using <strong>Entra ID authentication<\/strong>. Configure MFA policies in Entra ID \u2192 Security \u2192 Conditional Access. When connecting to the database, the user will be prompted for a second factor.<\/p>\n<h3>Can I use groups to manage permissions in Azure SQL?<\/h3>\n<p>Yes, create a <strong>Security group in Entra ID<\/strong>, add members, and in the SQL database create a user: <strong>CREATE USER [GroupName] FROM EXTERNAL PROVIDER<\/strong>. All group members inherit the permissions.<\/p>\n<p>More guides on <a href=\"https:\/\/virtualall.sk\/category\/azure\/\">Azure configuration<\/a> can be found in our section.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The article explains the ways of authenticating in Azure SQL Database \u2013 from classic SQL authentication through Azure Active Directory to Managed Identity. It describes creating users, assigning rights, and recommended security practices. 
It emphasizes the importance of MFA, Key Vault, auditing, and correct authentication design for a secure cloud environment.<\/p>\n","protected":false},"author":1,"featured_media":1686,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[144,87,145],"class_list":["post-1682","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-ayure-sql","tag-azure","tag-azure-mssql"],"_links":{"self":[{"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/posts\/1682","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/comments?post=1682"}],"version-history":[{"count":7,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/posts\/1682\/revisions"}],"predecessor-version":[{"id":1926,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/posts\/1682\/revisions\/1926"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/media\/1686"}],"wp:attachment":[{"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/media?parent=1682"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/categories?post=1682"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/virtualall.sk\/en\/wp-json\/wp\/v2\/tags?post=1682"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}