6.2.1 Privileges Provided by MySQL

Table des matières

The privileges granted to a MySQL account determine which operations the account can perform. MySQL privileges differ in the contexts in which they apply and at different levels of operation:

Administrative privileges enable users to manage operation of the MySQL server. These privileges are global because they are not specific to a particular database.
Database privileges apply to a database and to all objects within it. These privileges can be granted for specific databases, or globally so that they apply to all databases.
Privileges for database objects such as tables, indexes, views, and stored routines can be granted for specific objects within a database, for all objects of a given type within a database (for example, all tables in a database), or globally for all objects of a given type in all databases.

Privileges also differ in terms of whether they are static (built in to the server) or dynamic (defined at runtime). Whether a privilege is static or dynamic affects its availability to be granted to user accounts and roles. For information about the differences between static and dynamic privileges, see Section 6.2.2, “Static Versus Dynamic Privileges”.)

Information about account privileges is stored in the grant tables in the mysql system database. For a description of the structure and contents of these tables, see Section 6.2.3, “Grant Tables”. The MySQL server reads the contents of the grant tables into memory when it starts, and reloads them under the circumstances indicated in Section 6.2.8, “When Privilege Changes Take Effect”. The server bases access-control decisions on the in-memory copies of the grant tables.

Important

Some MySQL releases introduce changes to the grant tables to add new privileges or features. To make sure that you can take advantage of any new capabilities, update your grant tables to the current structure whenever you upgrade MySQL. See Section 4.4.5, “mysql_upgrade — Check and Upgrade MySQL Tables”.

The following sections summarize the available privileges, provide more detailed descriptions of each privilege, and offer usage guidelines.

Summary of Available Privileges

The following table shows the static privilege names used in GRANT and REVOKE statements, along with the column name associated with each privilege in the grant tables and the context in which the privilege applies.

Table 6.2 Permissible Static Privileges for GRANT and REVOKE

Privilege	Grant Table Column	Context
`ALL [PRIVILEGES]`	Synonym for “all privileges”	Server administration
`ALTER`	`Alter_priv`	Tables
`ALTER ROUTINE`	`Alter_routine_priv`	Stored routines
`CREATE`	`Create_priv`	Databases, tables, or indexes
`CREATE ROLE`	`Create_role_priv`	Server administration
`CREATE ROUTINE`	`Create_routine_priv`	Stored routines
`CREATE TABLESPACE`	`Create_tablespace_priv`	Server administration
`CREATE TEMPORARY TABLES`	`Create_tmp_table_priv`	Tables
`CREATE USER`	`Create_user_priv`	Server administration
`CREATE VIEW`	`Create_view_priv`	Views
`DELETE`	`Delete_priv`	Tables
`DROP`	`Drop_priv`	Databases, tables, or views
`DROP ROLE`	`Drop_role_priv`	Server administration
`EVENT`	`Event_priv`	Databases
`EXECUTE`	`Execute_priv`	Stored routines
`FILE`	`File_priv`	File access on server host
`GRANT OPTION`	`Grant_priv`	Databases, tables, or stored routines
`INDEX`	`Index_priv`	Tables
`INSERT`	`Insert_priv`	Tables or columns
`LOCK TABLES`	`Lock_tables_priv`	Databases
`PROCESS`	`Process_priv`	Server administration
`PROXY`	See `proxies_priv` table	Server administration
`REFERENCES`	`References_priv`	Databases or tables
`RELOAD`	`Reload_priv`	Server administration
`REPLICATION CLIENT`	`Repl_client_priv`	Server administration
`REPLICATION SLAVE`	`Repl_slave_priv`	Server administration
`SELECT`	`Select_priv`	Tables or columns
`SHOW DATABASES`	`Show_db_priv`	Server administration
`SHOW VIEW`	`Show_view_priv`	Views
`SHUTDOWN`	`Shutdown_priv`	Server administration
`SUPER`	`Super_priv`	Server administration
`TRIGGER`	`Trigger_priv`	Tables
`UPDATE`	`Update_priv`	Tables or columns
`USAGE`	Synonym for “no privileges”	Server administration

The following table shows the dynamic privilege names used in GRANT and REVOKE statements, along with the context in which the privilege applies.

Table 6.3 Permissible Dynamic Privileges for GRANT and REVOKE

Privilege	Context
`APPLICATION_PASSWORD_ADMIN`	Dual password administration
`AUDIT_ADMIN`	Audit log administration
`BACKUP_ADMIN`	Backup administration
`BINLOG_ADMIN`	Backup and Replication administration
`CONNECTION_ADMIN`	Server administration
`ENCRYPTION_KEY_ADMIN`	Server administration
`FIREWALL_ADMIN`	Firewall administration
`FIREWALL_USER`	Firewall administration
`GROUP_REPLICATION_ADMIN`	Replication administration
`PERSIST_RO_VARIABLES_ADMIN`	Server administration
`REPLICATION_SLAVE_ADMIN`	Replication administration
`RESOURCE_GROUP_ADMIN`	Resource group administration
`RESOURCE_GROUP_USER`	Resource group administration
`ROLE_ADMIN`	Server administration
`SESSION_VARIABLES_ADMIN`	Server administration
`SET_USER_ID`	Server administration
`SYSTEM_VARIABLES_ADMIN`	Server administration
`VERSION_TOKEN_ADMIN`	Server administration
`XA_RECOVER_ADMIN`	Server administration

Static Privilege Descriptions

Static privileges are built in to the server, in contrast to dynamic privileges, which are defined at runtime. The following list describes each static privilege available in MySQL.

Particular SQL statements might have more specific privilege requirements than indicated here. If so, the description for the statement in question provides the details.

ALL, ALL PRIVILEGES
These privilege specifiers are shorthand for “all privileges available at a given privilege level” (except GRANT OPTION). For example, granting ALL at the global or table level grants all global privileges or all table-level privileges, respectively.
ALTER
Enables use of the ALTER TABLE statement to change the structure of tables. ALTER TABLE also requires the CREATE and INSERT privileges. Renaming a table requires ALTER and DROP on the old table, CREATE, and INSERT on the new table.
ALTER ROUTINE
Enables use of statements that alter or drop stored routines (stored procedures and functions).
CREATE
Enables use of statements that create new databases and tables.
CREATE ROLE
Enables use of the CREATE ROLE statement. (The CREATE USER privilege also enables use of the CREATE ROLE statement.)
CREATE ROUTINE
Enables use of statements that create stored routines (stored procedures and functions).
CREATE TABLESPACE
Enables use of statements that create, alter, or drop tablespaces and log file groups.
CREATE TEMPORARY TABLES
Enables the creation of temporary tables using the CREATE TEMPORARY TABLE statement.
After a session has created a temporary table, the server performs no further privilege checks on the table. The creating session can perform any operation on the table, such as DROP TABLE, INSERT, UPDATE, or SELECT. For more information, see Section 13.1.20.3, “CREATE TEMPORARY TABLE Syntax”.
CREATE USER
Enables use of the ALTER USER, CREATE ROLE, CREATE USER, DROP ROLE, DROP USER, RENAME USER, and REVOKE ALL PRIVILEGES statements.
CREATE VIEW
Enables use of the CREATE VIEW statement.
DELETE
Enables rows to be deleted from tables in a database.
DROP
Enables use of statements that drop (remove) existing databases, tables, and views. The DROP privilege is required to use the ALTER TABLE ... DROP PARTITION statement on a partitioned table. The DROP privilege is also required for TRUNCATE TABLE.
DROP ROLE
Enables use of the DROP ROLE statement. (The CREATE USER privilege also enables use of the DROP ROLE statement.)
EVENT
Enables use of statements that create, alter, drop, or display events for the Event Scheduler.
EXECUTE
Enables use of statements that execute stored routines (stored procedures and functions).
FILE
Affects the following operations and server behaviors:
- Enables reading and writing files on the server host using the LOAD DATA INFILE and SELECT ... INTO OUTFILE statements and the LOAD_FILE() function. A user who has the FILE privilege can read any file on the server host that is either world-readable or readable by the MySQL server. (This implies the user can read any file in any database directory, because the server can access any of those files.)
- Enables creating new files in any directory where the MySQL server has write access. This includes the server's data directory containing the files that implement the privilege tables.
- Enables use of the DATA DIRECTORY or INDEX DIRECTORY table option for the CREATE TABLE statement.
As a security measure, the server does not overwrite existing files.
To limit the location in which files can be read and written, set the secure_file_priv system variable to a specific directory. See Section 5.1.8, “Server System Variables”.
GRANT OPTION
Enables you to grant to or revoke from other users those privileges that you yourself possess.
INDEX
Enables use of statements that create or drop (remove) indexes. INDEX applies to existing tables. If you have the CREATE privilege for a table, you can include index definitions in the CREATE TABLE statement.
INSERT
Enables rows to be inserted into tables in a database. INSERT is also required for the ANALYZE TABLE, OPTIMIZE TABLE, and REPAIR TABLE table-maintenance statements.
LOCK TABLES
Enables use of explicit LOCK TABLES statements to lock tables for which you have the SELECT privilege. This includes use of write locks, which prevents other sessions from reading the locked table.
PROCESS
Enables display of information about the threads executing within the server (that is, information about the statements being executed by sessions). The privilege enables use of SHOW PROCESSLIST or mysqladmin processlist to see threads belonging to other accounts; you can always see your own threads. The PROCESS privilege also enables use of SHOW ENGINE.
PROXY
Enables one user to impersonate or become known as another user. See Section 6.3.11, “Proxy Users”.
REFERENCES
Creation of a foreign key constraint requires the REFERENCES privilege for the parent table.
RELOAD
Enables use of the FLUSH statement. It also enables mysqladmin commands that are equivalent to FLUSH operations: flush-hosts, flush-logs, flush-privileges, flush-status, flush-tables, flush-threads, refresh, and reload.
The reload command tells the server to reload the grant tables into memory. flush-privileges is a synonym for reload. The refresh command closes and reopens the log files and flushes all tables. The other flush-xxx commands perform functions similar to refresh, but are more specific and may be preferable in some instances. For example, if you want to flush just the log files, flush-logs is a better choice than refresh.
REPLICATION CLIENT
Enables use of the SHOW MASTER STATUS, SHOW SLAVE STATUS, and SHOW BINARY LOGS statements. Grant this privilege to accounts that are used by slave servers to connect to the current server as their master.
REPLICATION SLAVE
Enables the account to request updates that have been made to databases on the master server. Grant this privilege to accounts that are used by slave servers to connect to the current server as their master.
SELECT
Enables rows to be selected from tables in a database. SELECT statements require the SELECT privilege only if they actually access tables. Some SELECT statements do not access tables and can be executed without permission for any database. For example, you can use SELECT as a simple calculator to evaluate expressions that make no reference to tables:
1. SELECT 1+1;
2. SELECT PI()*2;
The SELECT privilege is also needed for other statements that read column values. For example, SELECT is needed for columns referenced on the right hand side of col_name=expr assignment in UPDATE statements or for columns named in the WHERE clause of DELETE or UPDATE statements.
The SELECT privilege is needed for tables or views used with EXPLAIN, including any underlying tables in view definitions.
SHOW DATABASES
Enables the account to see database names by issuing the SHOW DATABASE statement. Accounts that do not have this privilege see only databases for which they have some privileges, and cannot use the statement at all if the server was started with the --skip-show-database option. (Any global privilege is considered a privilege for all databases.)
SHOW VIEW
Enables use of the SHOW CREATE VIEW statement. This privilege is also needed for views used with EXPLAIN.
SHUTDOWN
Enables use of the SHUTDOWN and RESTART statements, the mysqladmin shutdown command, and the mysql_shutdown() C API function.
SUPER
SUPER is a powerful and far-reaching privilege and should not be granted lightly. If an account needs to perform only a subset of SUPER operations, it may be possible to achieve the desired privilege set by instead granting one or more dynamic privileges, each of which confers more limited capabilities. See Dynamic Privilege Descriptions.

Note

SUPER is deprecated and will be removed in a future version of MySQL. See Migrating Accounts from SUPER to Dynamic Privileges.

SUPER affects the following operations and server behaviors:
- Enables system variable changes at runtime:
  - Enables server configuration changes to global system variables with SET GLOBAL and SET PERSIST.
    The corresponding dynamic privilege is SYSTEM_VARIABLES_ADMIN.
  - Enables setting restricted session system variables that require a special privilege.
    The corresponding dynamic privilege is SESSION_VARIABLES_ADMIN.
  See also Section 5.1.9.1, “System Variable Privileges”.
- Enables changes to global transaction characteristics (see Section 13.3.7, “SET TRANSACTION Syntax”).
  The corresponding dynamic privilege is SYSTEM_VARIABLES_ADMIN.
- Enables the account to start and stop replication, including Group Replication.
  The corresponding dynamic privilege is REPLICATION_SLAVE_ADMIN for regular replication, GROUP_REPLICATION_ADMIN for Group Replication.
- Enables use of the CHANGE MASTER TO and CHANGE REPLICATION FILTER statements.
  The corresponding dynamic privilege is REPLICATION_SLAVE_ADMIN.
- Enables binary log control by means of the PURGE BINARY LOGS and BINLOG statements.
  The corresponding dynamic privilege is BINLOG_ADMIN.
- Enables setting the effective authorization ID when executing a view or stored program. A user with this privilege can specify any account in the DEFINER attribute of a view or stored program.
  The corresponding dynamic privilege is SET_USER_ID.
- Enables use of the CREATE SERVER, ALTER SERVER, and DROP SERVER statements.
- Enables use of the mysqladmin debug command.
- Enables InnoDB encryption key rotation.
  The corresponding dynamic privilege is ENCRYPTION_KEY_ADMIN.
- Enables execution of Version Tokens user-defined functions.
  The corresponding dynamic privilege is VERSION_TOKEN_ADMIN.
- Enables nonempty <graphml> element content in the result from the ROLES_GRAPHML() function.
  The corresponding dynamic privilege is ROLE_ADMIN.
- Enables control over client connections not permitted to non-SUPER accounts:
  - Enables use of the KILL statement or mysqladmin kill command to kill threads belonging to other accounts. (An account can always kill its own threads.)
  - The server does not execute init_connect system variable content when SUPER clients connect.
  - The server accepts one connection from a SUPER client even if the connection limit configured by the max_connections system variable is reached.
  - A server in offline mode (offline_mode enabled) does not terminate SUPER client connections at the next client request, and accepts new connections from SUPER clients.
  - Updates can be performed even when the read_only system variable is enabled. This applies to explicit table updates, and to use of account-management statements such as GRANT and REVOKE that update tables implicitly.
  The corresponding dynamic privilege for the preceding connection-control operations is CONNECTION_ADMIN.
You may also need the SUPER privilege to create or alter stored functions if binary logging is enabled, as described in Section 24.7, “Binary Logging of Stored Programs”.
TRIGGER
Enables trigger operations. You must have this privilege for a table to create, drop, execute, or display triggers for that table.
When a trigger is activated (by a user who has privileges to execute INSERT, UPDATE, or DELETE statements for the table associated with the trigger), trigger execution requires that the user who defined the trigger still have the TRIGGER privilege for the table.
UPDATE
Enables rows to be updated in tables in a database.
USAGE
This privilege specifier stands for “no privileges.” It is used at the global level with GRANT to specify clauses such as WITH GRANT OPTION without naming specific account privileges in the privilege list. SHOW GRANTS displays USAGE to indicate that an account has no privileges at a privilege level.

Dynamic Privilege Descriptions

Dynamic privileges are defined at runtime, in contrast to static privileges, which are built in to the server. The following list describes each dynamic privilege available in MySQL.

Most dynamic privileges are defined at server startup. Others are defined by a particular server component or plugin, as indicated in the privilege descriptions. In such cases, the privilege is unavailable unless the component or plugin that defines it is enabled.

Particular SQL statements might have more specific privilege requirements than indicated here. If so, the description for the statement in question provides the details.

APPLICATION_PASSWORD_ADMIN
For dual-password capability, this privilege enables use of the RETAIN CURRENT PASSWORD and DISCARD OLD PASSWORD clauses for ALTER USER and SET PASSWORD statements that apply to your own account. This privilege is required to manipulate your own secondary password because most users require only one password.
If an account is to be permitted to manipulate secondary passwords for all accounts, it should be granted the CREATE USER privilege rather than APPLICATION_PASSWORD_ADMIN.
For more information about use of dual passwords, see Section 6.3.8, “Password Management”.
APPLICATION_PASSWORD_ADMIN was added in MySQL 8.0.14.
AUDIT_ADMIN
Enables audit log configuration. This privilege is defined by the audit_log plugin; see Section 6.5.5, “MySQL Enterprise Audit”.
BACKUP_ADMIN
Enables execution of the LOCK INSTANCE FOR BACKUP statement and access to the Performance Schema log_status table.
The BACKUP_ADMIN privilege is automatically granted to users with the RELOAD privilege when performing an in-place upgrade to MySQL 8.0 from an earlier version.
BINLOG_ADMIN
Enables binary log control by means of the PURGE BINARY LOGS and BINLOG statements.
CONNECTION_ADMIN
Enables use of the KILL statement or mysqladmin kill command to kill threads belonging to other accounts. (An account can always kill its own threads.)
Enables setting system variables related to client connections, or circumventing restrictions related to client connections. CONNECTION_ADMIN applies to the effects of these system variables:
- init_connect: The server does not execute init_connect system variable content when CONNECTION_ADMIN clients connect.
- max_connections: The server accepts one connection from a CONNECTION_ADMIN client even if the connection limit configured by the max_connections system variable is reached.
- offline_mode: A server in offline mode (offline_mode enabled) does not terminate CONNECTION_ADMIN client connections at the next client request, and accepts new connections from CONNECTION_ADMIN clients.
- read_only: Updates can be performed even when the read_only system variable is enabled. This applies to explicit table updates, and to use of account-management statements such as GRANT and REVOKE that update tables implicitly.
ENCRYPTION_KEY_ADMIN
Enables InnoDB encryption key rotation.
FIREWALL_ADMIN
Enables a user to administer firewall rules for any user. This privilege is defined by the MYSQL_FIREWALL plugin; see Section 6.5.7, “MySQL Enterprise Firewall”.
FIREWALL_USER
Enables users to update their own firewall rules. This privilege is defined by the MYSQL_FIREWALL plugin; see Section 6.5.7, “MySQL Enterprise Firewall”.
GROUP_REPLICATION_ADMIN
Enables the account to start and stop Group Replication. Grant this privilege to accounts that are used by slave servers to connect to the current server as their master.
PERSIST_RO_VARIABLES_ADMIN
For users who also have SYSTEM_VARIABLES_ADMIN, PERSIST_RO_VARIABLES_ADMIN enables use of SET PERSIST_ONLY to persist global system variables to the mysqld-auto.cnf option file in the data directory. This statement is similar to SET PERSIST but does not modify the runtime global system variable value. This makes SET PERSIST_ONLY suitable for configuring read-only system variables that can be set only at server startup.
See also Section 5.1.9.1, “System Variable Privileges”.
REPLICATION_SLAVE_ADMIN
Enables the account to connect to the master server, start and stop replication, and use the CHANGE MASTER TO and CHANGE REPLICATION FILTER statements. Grant this privilege to accounts that are used by slave servers to connect to the current server as their master. This privilege does not apply to Group Replication; use GROUP_REPLICATION_ADMIN for that.
RESOURCE_GROUP_ADMIN
Enables resource group management: Creating, altering, and dropping resource groups; and assignment of threads and statements to resource groups. A user with this privilege can perform any operation relating to resource groups.
RESOURCE_GROUP_USER
Enables assigning threads and statements to resource groups. A user with this privilege can use the SET RESOURCE GROUP statement and the RESOURCE_GROUP optimizer hint.
ROLE_ADMIN
Enables use of the WITH ADMIN OPTION clause of the GRANT statement. Enables nonempty <graphml> element content in the result from the ROLES_GRAPHML() function.
SERVICE_CONNECTION_ADMIN
Enables connections to the network interface that permits only administrative connections (see Section 8.12.4.1, “How MySQL Handles Client Connections”).
SESSION_VARIABLES_ADMIN
For most system variables, setting the session value requires no special privileges and can be done by any user to affect the current session. For some system variables, setting the session value can have effects outside the current session and thus is a restricted operation. For these, the SESSION_VARIABLES_ADMIN privilege enables the user to set the session value.
If a system variable is restricted and requires a special privilege to set the session value, the variable description indicates that restriction. Examples include binlog_format, sql_log_bin, and sql_log_off.
SESSION_VARIABLES_ADMIN was added in MySQL 8.0.14. Prior to MySQL 8.0.14, restricted session system variables can be set only by users who have the SYSTEM_VARIABLES_ADMIN or SUPER privilege.
The SESSION_VARIABLES_ADMIN privilege is a subset of the SYSTEM_VARIABLES_ADMIN and SUPER privileges. A user who has either of those privileges is also permitted to set restricted session variables and effectively has SESSION_VARIABLES_ADMIN by implication and need not be granted SESSION_VARIABLES_ADMIN explicitly.
See also Section 5.1.9.1, “System Variable Privileges”.
SET_USER_ID
Enables setting the effective authorization ID when executing a view or stored program. A user with this privilege can specify any account in the DEFINER attribute of a view or stored program.
SYSTEM_VARIABLES_ADMIN
Affects the following operations and server behaviors:
- Enables system variable changes at runtime:
  - Enables server configuration changes to global system variables with SET GLOBAL and SET PERSIST.
  - Enables server configuration changes to global system variables with SET PERSIST_ONLY, if the user also has PERSIST_RO_VARIABLES_ADMIN.
  - Enables setting restricted session system variables that require a special privilege. In effect, SYSTEM_VARIABLES_ADMIN implies SESSION_VARIABLES_ADMIN without explicitly granting SESSION_VARIABLES_ADMIN.
  See also Section 5.1.9.1, “System Variable Privileges”.
- Enables changes to global transaction characteristics (see Section 13.3.7, “SET TRANSACTION Syntax”).
VERSION_TOKEN_ADMIN
Enables execution of Version Tokens user-defined functions. This privilege is defined by the version_tokens plugin; see Section 5.6.5, “Version Tokens”.
XA_RECOVER_ADMIN
Enables execution of the XA RECOVER statement; see Section 13.3.8.1, “XA Transaction SQL Syntax”.
Prior to MySQL 8.0, any user could execute the XA RECOVER statement to discover the XID values for outstanding prepared XA transactions, possibly leading to commit or rollback of an XA transaction by a user other than the one who started it. In MySQL 8.0, XA RECOVER is permitted only to users who have the XA_RECOVER_ADMIN privilege, which is expected to be granted only to administrative users who have need for it. This might be the case, for example, for administrators of an XA application if it has crashed and it is necessary to find outstanding transactions started by the application so they can be rolled back. This privilege requirement prevents users from discovering the XID values for outstanding prepared XA transactions other than their own. It does not affect normal commit or rollback of an XA transaction because the user who started it knows its XID.

Privilege-Granting Guidelines

It is a good idea to grant to an account only those privileges that it needs. You should exercise particular caution in granting the FILE and administrative privileges:

FILE can be abused to read into a database table any files that the MySQL server can read on the server host. This includes all world-readable files and files in the server's data directory. The table can then be accessed using SELECT to transfer its contents to the client host.
GRANT OPTION enables users to give their privileges to other users. Two users that have different privileges and with the GRANT OPTION privilege are able to combine privileges.
ALTER may be used to subvert the privilege system by renaming tables.
SHUTDOWN can be abused to deny service to other users entirely by terminating the server.
PROCESS can be used to view the plain text of currently executing statements, including statements that set or change passwords.
SUPER can be used to terminate other sessions or change how the server operates.
Privileges granted for the mysql system database itself can be used to change passwords and other access privilege information:
- Passwords are stored encrypted, so a malicious user cannot simply read them to know the plain text password. However, a user with write access to the mysql.user system table authentication_string column can change an account's password, and then connect to the MySQL server using that account.
- INSERT or UPDATE granted for the mysql system database enable a user to add privileges or modify existing privileges, respectively.
- DROP for the mysql system database enables a user to remote privilege tables, or even the database itself.

Rechercher dans le manuel MySQL

Traduction non disponible

Le manuel MySQL n'est pas encore traduit en français sur l'infobrol. Seule la version anglaise est disponible pour l'instant.

Document créé le 26/06/2006, dernière modification le 26/10/2018
Source du document imprimé : https://www.gaudry.be/mysql-rf-privileges-provided.html

L'infobrol est un site personnel dont le contenu n'engage que moi. Le texte est mis à disposition sous licence CreativeCommons(BY-NC-SA). Plus d'info sur les conditions d'utilisation et sur l'auteur.

Références

Manuel MySQL : https://dev.mysql.com/

Ces références et liens indiquent des documents consultés lors de la rédaction de cette page, ou qui peuvent apporter un complément d'information, mais les auteurs de ces sources ne peuvent être tenus responsables du contenu de cette page.
L'auteur de ce site est seul responsable de la manière dont sont présentés ici les différents concepts, et des libertés qui sont prises avec les ouvrages de référence. N'oubliez pas que vous devez croiser les informations de sources multiples afin de diminuer les risques d'erreurs.

Table des matières Haut