Differences

This shows you the differences between two versions of the page.

--- postgresqlflexible [2025/03/26 14:30] – z0hpvk
+++ postgresqlflexible [2025/03/26 14:58] (current) – z0hpvk
@@ Line 1: / Line 1: @@
-==== Entra ID Authentication ====
+===== Entra ID Authentication =====
+[[https://learn.microsoft.com/en-us/azure/postgresql/flexible-server/how-to-manage-azure-ad-users]]
+==== Logon ====
-<code>
+<code powershell>
 az login
 az account get-access-token --resource-type oss-rdbms --output tsv --query accessToken
@@ Line 8: / Line 10: @@
 </code>
-<code SQL>
+==== Administration ====
--- Display existing Entra principals
+<code postgresql>
+-- Display all existing Entra principals
 select * from pg_catalog.pgaadauth_list_principals(false);
--- Add Entra principal to the server.
+-- Add Entra principal to the server, "roleName" must match the name of an existing Entra principal
--- roleName must match the name of an existing Entra principal
 select * from pg_catalog.pgaadauth_create_principal(roleName text, isAdmin boolean, isMfa boolean)
 select * from pg_catalog.pgaadauth_create_principal('postgres_users', false, false)
-</code SQL>
+</code>
+<code postgresql>
+-- Enable Microsoft Entra authentication for an existing PostgreSQL role
+SECURITY LABEL for "pgaadauth" on role "postgres_admin" is 'aadauth,oid=<objectId>,type=<objectType>,admin';
+</code>