Governed ability
Get user ACF fields
aafm/acf-get-user-fields Read only
Reads all of a user's ACF field values, hydrated by field key. A field of the user_email type returns the real email address under the integration disclaimer. Requires edit access to that user.
How it is governed
The same model as every ability in the plugin, stated for this one.
- Off until you enable it
Like every ability, Get user ACF fields ships switched off. You turn it on one at a time, and an update never widens access on its own.
- Reads only
It reads data and returns it to your client. Nothing on your site is created, changed, or removed.
- Capability gated
A connection only sees Get user ACF fields if the user you connected can run it, and the plugin checks that capability again before it executes.
- Every call audited
The call is written to the log in your own database, denials included, with the argument keys but never the values.
See it in action
An illustrative run. Your real calls and data stay on your own site.
Try it with a prompt
Example requests you could paste to your agent.
Read the ACF profile fields for user 27.
Show me the custom fields stored on this author's profile.
What is in the twitter_handle and job_title ACF fields for user 5?
These are illustrative example prompts. The agent runs them as the user you connected, checked against that user's capabilities and written to your audit log.
Frequently asked
Short answers for Get user ACF fields.
Can it return a real email address?
Yes. A field of the user_email type returns the real email address under the integration disclaimer, so its output can contain personal data. It requires edit access to that user and is recorded in the audit log.
When is it available?
Only while Advanced Custom Fields is active. If ACF is deactivated, the ability is not registered.
Is it enabled out of the box?
No. Like every ability, it is off by default and must be enabled, and it is limited to users the agent can already edit.
Governed by default, from the first call.
Get user ACF fields is off until you enable it, scoped to the user you connect, and logged like everything else. Turn on only what you need.
Every ability off until you enable it, capability-gated on every call.