Governed ability
Get user
aafm/get-user Read only
Read one user by id: id, display name, email, roles, post count, registration date, and bio. Never login or password.
How it is governed
The same model as every ability in the plugin, stated for this one.
- Off until you enable it
Like every ability, Get user ships switched off. You turn it on one at a time, and an update never widens access on its own.
- Reads only
It reads data and returns it to your client. Nothing on your site is created, changed, or removed.
- Capability gated
A connection only sees Get user if the user you connected can run it, and the plugin checks that capability again before it executes.
- Every call audited
The call is written to the log in your own database, denials included, with the argument keys but never the values.
See it in action
An illustrative run. Your real calls and data stay on your own site.
Try it with a prompt
Example requests you could paste to your agent.
Get the profile details for user 214.
Show me the bio and registration date for editor Priya (user 214).
Look up user 88 and tell me their roles and post count.
These are illustrative example prompts. The agent runs them as the user you connected, checked against that user's capabilities and written to your audit log.
Frequently asked
Short answers for Get user.
What information comes back for one user?
The id, display name, email, roles, post count, registration date, and bio. The login name and password are never returned.
Can the agent read anyone it likes?
Only within what the connected account is allowed to see, and only while an administrator has this read ability enabled. Reads are logged like every other ability call.
Governed by default, from the first call.
Get user is off until you enable it, scoped to the user you connect, and logged like everything else. Turn on only what you need.
Every ability off until you enable it, capability-gated on every call.