Skip to main content

User

Vasyl MartyniukLess than 1 minute

Syntax

User:<ID|user_login|user_email>
User:*

Actions

  • List: Allows the current user to view or manage the specified user.
  • Edit: Allows the current user to edit the specified user.
  • Delete: Allows the current user to delete the specified user.
  • ChangePassword: Allows the current user to change or reset passwords for the specified user.
  • ChangeRole or Promote: Allows the current user to change roles for the specified user.

Examples

The following policy restricts the ability to manage all users:

{
    "Statement": {
        "Effect": "deny",
        "Resource": "User:*",
        "Action": [
            "Edit",
            "Delete"
        ]
    }
}

This policy restricts management of two specific users:

{
    "Statement": {
        "Effect": "deny",
        "Resource": [
            "User:john@example.xyz",
            "User:13"
        ],
        "Action": [
            "List",
            "Edit",
            "Delete"
        ]
    }
}

Definition

The User resource is useful for defining access controls for specific users or all users. For example, you may want to grant admin rights to additional users but prevent them from changing or deleting your admin account. This can be achieved by restricting actions on your user account for other privileged admins.

The following policy prevents actions on the admin account with ID 1:

{
    "Statement": {
        "Effect": "deny",
        "Resource": "User:1",
        "Action": [
            "List",
            "Edit",
            "Delete"
        ],
        "Condition": {
            "NotEquals": {
                "(*int)${USER.ID}": 1
            }
        }
    }
}

Wildcard

The wildcard User:* can be used to target all users, which is useful for hiding all users. This is a premium feature available with the premium add-on.

In the following example, all users will be hidden:

{
    "Statement": {
        "Effect": "deny",
        "Resource": "User:*",
        "Action": "List"
    }
}

Info

Another way to prevent a user from listing all users is to deprive them of the list_users WordPress core capability.

Virtual Assistant