User

Vasyl Martyniuk

Syntax

User:<ID|user_login|user_email>
User:*

Actions

  • List: Allows the current user to view or manage the specified user.
  • Edit: Allows the current user to edit the specified user.
  • Delete: Allows the current user to delete the specified user.
  • ChangePassword: Allows the current user to change or reset passwords for the specified user.
  • ChangeRole or Promote: Allows the current user to change roles for the specified user.

Examples

The following policy denies the Edit and Delete actions for all users:

{
    "Statement": {
        "Effect": "deny",
        "Resource": "User:*",
        "Action": [
            "Edit",
            "Delete"
        ]
    }
}

This policy denies the List, Edit, and Delete actions for two specific users, one identified by email and one by ID:

{
    "Statement": {
        "Effect": "deny",
        "Resource": [
            "User:john@example.xyz",
            "User:13"
        ],
        "Action": [
            "List",
            "Edit",
            "Delete"
        ]
    }
}

Definition

The User resource is useful for defining access controls for specific users or all users. For example, you may want to grant admin rights to additional users but prevent them from changing or deleting your admin account. This can be achieved by restricting actions on your user account for other privileged admins.

The following policy denies the List, Edit, and Delete actions on the admin account with ID 1 for every user whose own ID is not 1:

{
    "Statement": {
        "Effect": "deny",
        "Resource": "User:1",
        "Action": [
            "List",
            "Edit",
            "Delete"
        ],
        "Condition": {
            "NotEquals": {
                "(*int)${USER.ID}": 1
            }
        }
    }
}
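When protecting an account this way, it helps to check which of the listed actions a policy leaves unnamed. The following is an added example, not part of the plugin or its documentation: a small Python audit that reads a policy and reports the User actions no deny statement names for a given account. It assumes Promote is an alias of ChangeRole, that a list of statements is acceptable, and that no other statement reverses a deny; the function names and the account identifiers are hypothetical.

```python
import json

# Action names listed on this page; treating Promote as an alias of ChangeRole
# is an assumption drawn from the "ChangeRole or Promote" wording.
USER_ACTIONS = ["List", "Edit", "Delete", "ChangePassword", "ChangeRole"]
ALIASES = {"Promote": "ChangeRole"}

def as_list(value):
    """Resource and Action appear on this page as a single value or a list;
    a list of statements is accepted the same way (assumption)."""
    return value if isinstance(value, list) else [value]

def resource_matches(resource, identifiers):
    """True if 'User:*' or 'User:<ID|user_login|user_email>' targets the account."""
    kind, _, target = resource.partition(":")
    return kind == "User" and (target == "*" or target in identifiers)

def uncovered_actions(policy_json, identifiers):
    """List the User actions that no deny statement names for this account.

    Condition blocks are not evaluated: the result describes requests for
    which every matching statement's condition holds.
    """
    denied = set()
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        if str(stmt.get("Effect", "")).lower() != "deny":
            continue
        resources = as_list(stmt.get("Resource", []))
        if any(resource_matches(r, identifiers) for r in resources):
            denied.update(ALIASES.get(a, a) for a in as_list(stmt.get("Action", [])))
    return [a for a in USER_ACTIONS if a not in denied]

# The admin-protection policy from this page, compacted onto fewer lines.
ADMIN_POLICY = """
{"Statement": {"Effect": "deny", "Resource": "User:1",
  "Action": ["List", "Edit", "Delete"],
  "Condition": {"NotEquals": {"(*int)${USER.ID}": 1}}}}
"""
# Constructed identifiers for the protected account (ID, login, email).
ADMIN_IDS = {"1", "admin", "admin@example.xyz"}

if __name__ == "__main__":
    print(uncovered_actions(ADMIN_POLICY, ADMIN_IDS))
```

For the admin policy above it reports ChangePassword and ChangeRole, the two listed actions that policy does not name. Whether the plugin treats either as implied by another action is not something this check determines.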

Wildcard

The wildcard User:* targets all users, which is useful for hiding every user at once. This feature requires the premium add-on.

In the following example, all users will be hidden:

{
    "Statement": {
        "Effect": "deny",
        "Resource": "User:*",
        "Action": "List"
    }
}

Info

Another way to prevent a user from listing all users is to deprive them of the list_users WordPress core capability.