If the admin simply wants to disable a user, it should be enough to run:
Option "--user-email" is required
Option "--user-key" is required
Option "--user-langs" is required
Option "--user-name" is required
Option "--user-passwordhash" is required
Option "--user-roles" is required
This is just far too much info to demand for such a straightforward request. The admin would have to break the account (password hash, apikey etc) as they can't get access to this information.
I had a look at this one, and as far as I can tell it will be difficult to request a user's account and return null if they don't exist, due to ResponseFilter not handing back the exception.
This would be required when deciding if client needs certain fields for new account actions.