
User Roles and Privileges

Updated March 4, 2026

The Users tab (Settings → Users) lets you control exactly which WordPress user roles can access Agent Builder features and interact with AI agents. You can also set per-role daily limits on the number of AI queries and tokens consumed. Administrators always retain full access and are always unlimited.

Where to find it

Navigate to Agent Builder → Settings → Users in your WordPress admin. The page presents two permission tables — one for plugin administration and one for AI agent interaction — each listing every WordPress role as a column.

Plugin Administration Permissions

These permissions control which roles can access and configure Agent Builder admin pages.

| Permission | What it controls |
|---|---|
| View Dashboard | Access the Agent Builder dashboard overview and stats. |
| Manage Agents | Install, activate, deactivate, edit, and delete agents. |
| View Audit Log | Read the full agent action and security audit log. |
| Configure Tools | Enable or disable individual agent tools. |
| Run Tasks Manually | Trigger scheduled agent tasks by hand from the admin UI. |
| Manage Plugin Settings | Change AI providers, API keys, caching and security options. Grants access to all settings tabs. |

AI Agent Interaction Permissions

These permissions control which roles can chat with and interact with the installed AI agents.

| Permission | What it controls |
|---|---|
| Chat on the Frontend | Send messages to agents via page-embedded chat or [agentic_chat] shortcodes. |
| Chat in the Admin Bar | Use the AI chat overlay embedded in the WordPress admin bar. |
| View Installed Agents | Browse the list of installed and active agents in the admin. |
| Use Premium / Uploaded Agents | Interact with agents downloaded from the marketplace. |

Daily Usage Limits

Below the permission tables you will find the Daily Usage Limits table. This lets you cap how many AI queries and how many tokens each role can consume per day — useful for controlling costs and preventing abuse on sites where multiple roles or anonymous visitors can reach the chat interface.

| Column | What it controls |
|---|---|
| Queries / day | Maximum number of chat messages (requests to an LLM) the role can send in a 24-hour UTC day. Set to 0 for unlimited. |
| Tokens / day | Maximum number of tokens (input + output combined) the role can consume in a 24-hour UTC day. Set to 0 for unlimited. |

The table includes one row for every registered WordPress role and a dedicated Anonymous Visitors row for logged-out users reaching a public-facing chat embed.

How limits are enforced

  • Query limit — checked before the request is sent to any LLM. If the daily cap is reached, the request is blocked immediately and an informative error is returned to the user.
  • Token limit — checked at the start of each request against tokens already consumed today. If the previous request pushed total tokens over the cap, the next request is blocked. This post-hoc approach avoids cutting a response mid-stream.
  • Reset time — counters reset automatically at midnight UTC. No cron job is needed; expiry is handled via WordPress transients.
  • Multi-role users — when a user holds more than one role, the most restrictive non-zero limit across all their roles applies.
  • Anonymous visitors — identified by a hashed IP address. They share a single pool per IP per day.
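
The rules in this list, modelled as an added PHP example that is not Agent Builder's own code, so you can predict which cap a multi-role user or an anonymous visitor ends up with. The function names, sample caps, salt and the choice of SHA-256 are assumptions; the page states only that the IP address is hashed.

```php
<?php
// Added illustration of the documented rules; not Agent Builder's source code.
// Function names, sample caps and the salt are hypothetical.
const UNLIMITED = 0; // the docs define 0 as "unlimited"

/** Most restrictive non-zero cap across a user's roles. */
function effective_limit(array $roles, array $caps_by_role): int {
    if (in_array('administrator', $roles, true)) {
        return UNLIMITED; // Administrators are never throttled
    }
    // Assumption: a role missing from the table is treated as unlimited.
    $caps = array_map(fn($r) => $caps_by_role[$r] ?? UNLIMITED, $roles);
    $caps = array_filter($caps, fn($c) => $c > 0);
    return $caps ? min($caps) : UNLIMITED;
}

/** Pre-flight check: both caps are compared with usage recorded so far today. */
function check_request(int $queries, int $tokens, int $query_cap, int $token_cap): string {
    if ($query_cap !== UNLIMITED && $queries >= $query_cap) {
        return 'blocked: query limit';
    }
    // Post-hoc token check: the request that crosses the cap still completes and
    // the next one is refused. Treating "exactly at cap" as blocked is an assumption.
    if ($token_cap !== UNLIMITED && $tokens >= $token_cap) {
        return 'blocked: token limit';
    }
    return 'allowed';
}

/** Lifetime for a daily counter so that it expires at the next midnight UTC. */
function seconds_until_utc_midnight(int $now): int {
    return 86400 - ($now % 86400); // Unix time is UTC-based
}

/** One anonymous counter per hashed IP per UTC day (SHA-256 and salt are assumptions). */
function anonymous_bucket(string $ip, int $now, string $salt): string {
    return hash('sha256', $salt . '|' . $ip) . ':' . gmdate('Y-m-d', $now);
}

// Constructed sample configuration: role => daily cap.
$query_caps = ['editor' => 50, 'subscriber' => 10];
$token_caps = ['editor' => 0, 'subscriber' => 20000];
$roles = ['editor', 'subscriber'];
$q = effective_limit($roles, $query_caps); // subscriber's lower cap wins
$t = effective_limit($roles, $token_caps); // editor's 0 is skipped, not treated as a cap
echo "effective caps: $q queries, $t tokens\n";
echo check_request(4, 19500, $q, $t), "\n"; // under both caps
echo check_request(5, 23100, $q, $t), "\n"; // earlier reply overshot the token cap
echo effective_limit(['administrator', 'subscriber'], $query_caps), "\n";
$now = gmmktime(18, 30, 0, 3, 4, 2026); // constructed timestamp
echo seconds_until_utc_midnight($now), ' s until reset, bucket ',
     anonymous_bucket('203.0.113.7', $now, 'example-salt'), "\n";
```

A plain min() over all of a user's roles would let a single 0 entry become the effective value, which is why the zero entries are filtered out before the minimum is taken.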

How enforcement works

These settings control WordPress admin menu visibility, admin bar chat access, the REST chat API, and AJAX task triggers. Rules are applied at every entry point — unchecked roles are blocked at the server, not just hidden in the UI.

  • Admin menu — removing all plugin privileges from a role hides the Agent Builder menu from that role entirely.
  • REST API — chat requests from roles without the Chat on the Frontend or Chat in the Admin Bar permission are rejected with a 403 error.
  • AJAX — task triggers and tool calls check permissions server-side before executing.
  • Daily limits — query and token caps are checked inside the security scan pipeline on every chat request, after rate limiting and before the LLM call is made.

Administrator exception

The Administrator role always has full access to every feature and cannot be unchecked. Daily usage limits are also permanently unlimited for Administrators regardless of what is entered in the limits table — the fields are hidden and fixed at 0 (unlimited). This ensures site owners can never accidentally lock themselves out or throttle their own administrative work.

Tips

  • Grant Chat in the Admin Bar to Editors so they can use AI assistance while writing posts without seeing plugin configuration screens.
  • Grant Chat on the Frontend to Subscribers or custom roles to power member-only AI chat widgets.
  • Keep Manage Plugin Settings restricted to Administrator only on multi-author sites to prevent API key changes.