Governed ability

Get user

aafm/get-user Read only

Read one user by id: id, display name, email, roles, post count, registration date, and bio. Never login or password.

How it is governed

The same model as every ability in the plugin, stated for this one.

  • Off until you enable it

    Like every ability, Get user ships switched off. You turn it on one at a time, and an update never widens access on its own.

  • Reads only

    It reads data and returns it to your client. Nothing on your site is created, changed, or removed.

  • Capability gated

    A connection only sees Get user if the user you connected can run it, and the plugin checks that capability again before it executes.

  • Every call audited

    The call is written to the log in your own database, denials included, with the argument keys but never the values.

See it in action

An illustrative run. Your real calls and data stay on your own site.

agent-abilities · audit Governed
You Get user on this site.
Run Running aafm/get-user
Gate Allowed read capability confirmed
Audit aafm/get-user · principal: editor · args: user_id
Result Returns the data the agent asked for. Nothing on the site changes.

Try it with a prompt

Example requests you could paste to your agent.

  1. Get the profile details for user 214.
  2. Show me the bio and registration date for editor Priya (user 214).
  3. Look up user 88 and tell me their roles and post count.

These are illustrative example prompts. The agent runs them as the user you connected, checked against that user's capabilities and written to your audit log.

Frequently asked

Short answers for Get user.

What information comes back for one user?

The id, display name, email, roles, post count, registration date, and bio. The login name and password are never returned.

Can the agent read anyone it likes?

Only within what the connected account is allowed to see, and only while an administrator has this read ability enabled. Reads are logged like every other ability call.

Back to all abilities

Governed by default, from the first call.

Get user is off until you enable it, scoped to the user you connect, and logged like everything else. Turn on only what you need.

Every ability off until you enable it, capability-gated on every call.