The Permissions Model
Module: Configuration | Lesson: 4 of 5 | Time: ~10 minutes
What You Will Learn
- How Claude Code's permission system works
- What allowlists and denylists do
- How tool permissions control what Claude can do
Prerequisites
- Completed Settings.json
Why This Matters
Claude Code can read files, edit files, run commands, search the web, and more. That is a lot of power. The permissions model exists to make sure Claude only does things you are comfortable with. It is the safety system that keeps you in control -- Claude asks before acting, and you decide what is allowed. Understanding permissions lets you work faster (by pre-approving safe actions) while staying protected (by blocking risky ones).
Why Claude Asks Permission
Every time Claude wants to use a tool, it faces a question: "Should I ask the user first, or can I go ahead?"
By default, Claude asks you about almost everything. You have seen this in earlier lessons:
Claude wants to edit file: config.json
Allow? (Y)es / (N)o / (A)lways allow Edit
This is intentional. Claude Code is designed with a "trust but verify" approach. Even though Claude is careful and smart, you are the one who knows your project best. Maybe that config file should not be changed right now. Maybe that command would break something. The permission prompt gives you a chance to check.
The Three Permission Modes
Claude Code has three permission modes that control how often it asks for approval. You can set the mode when you start Claude Code:
Default Mode (Recommended for Beginners)
claude
This is what you have been using throughout this tutorial. Claude asks permission before using most tools. Safe, read-only tools (like Read) may be auto-approved if you have them in your allowed list.
Plan Mode
claude --plan
In plan mode, Claude describes what it wants to do but does not do it until you approve. This is even more cautious than the default -- Claude creates a plan first, and you review the entire plan before any action happens. This is useful for complex tasks where you want to see the big picture before Claude starts working.
Auto Mode
claude --auto
In auto mode, Claude can use tools without asking you each time (within the boundaries of your allowed/denied tool lists). This is fast but means Claude can make changes you have not individually reviewed. Only use this mode when:
- You trust your permission settings are well configured
- You are working on a low-risk task
- You have version control (like Git) so you can undo changes
Auto mode is the most productive but least supervised. Most beginners should stick with the default mode until they are comfortable with how Claude works.
Tool Permissions: The Allow and Deny Lists
Regardless of which mode you are in, Claude Code uses two lists to decide which tools need permission:
The Allow List (Allowed Tools)
Tools on this list can be used without asking you. Common choices for the allow list include read-only tools that cannot change anything:
{
"permissions": {
"allow": [
"Read",
"Glob",
"Grep"
]
}
}
With this configuration, Claude can read files, search for files, and search inside files without interrupting you. These tools only look at things -- they cannot change or break anything.
The Deny List (Denied Tools)
Tools on this list are blocked entirely. Claude cannot use them even if it wants to, and even in auto mode:
{
"permissions": {
"deny": [
"Bash(rm -rf *)",
"Bash(del /s /q *)",
"Bash(Format-Volume*)"
]
}
}
This prevents Claude from running specific dangerous commands. The deny list overrides everything else -- even auto mode respects it.
Tools Not on Either List
If a tool is not on the allow list or the deny list, it falls into the default behavior: Claude asks you each time. This is the middle ground -- neither auto-approved nor blocked.
Here is a summary:
| Where the tool is | What happens |
|---|---|
| Allow list | Claude uses it without asking |
| Deny list | Claude cannot use it at all |
| Neither list | Claude asks you each time |
The Permission Prompt Options
When Claude asks for permission, you have several response options:
| Response | Effect |
|---|---|
| Y (Yes) | Allow this one use. Claude will ask again next time. |
| N (No) | Reject this one use. Claude will try a different approach or ask you what to do. |
| A (Always allow) | Add this tool to the allow list for the rest of the session. Claude will not ask about this tool again until you restart. |
Choosing "Always allow" during a session is temporary -- it only lasts until you close Claude Code. To make permanent changes to your allow/deny lists, edit your settings.json file (covered in the next lesson).
Which Tools Are Available?
Here are the main tools Claude Code can use and their risk levels:
| Tool | What It Does | Risk Level |
|---|---|---|
| Read | Opens and reads file contents | Low -- only looks, never changes |
| Glob | Searches for files by name pattern | Low -- only looks, never changes |
| Grep | Searches text inside files | Low -- only looks, never changes |
| Edit | Changes specific parts of a file | Medium -- modifies files |
| Write | Creates new files or rewrites existing ones | Medium -- creates/modifies files |
| Bash | Runs terminal commands | High -- can do anything on your computer |
| WebSearch | Searches the internet | Low -- only retrieves information |
| WebFetch | Fetches a web page | Low -- only retrieves information |
Allow the low-risk tools, leave medium-risk tools on "ask each time," and consider denying specific high-risk commands:
{
"permissions": {
"allow": ["Read", "Glob", "Grep", "WebSearch", "WebFetch"],
"deny": ["Bash(rm -rf *)", "Bash(del /s /q *)"]
}
}
This lets Claude read and search freely, asks you before any file changes, and blocks the most dangerous deletion commands.
Common Questions
Q: Can Claude bypass permissions? No. The permission system is enforced by Claude Code itself, not by Claude the AI. Claude cannot override it, trick it, or work around it.
Q: What happens if I deny a tool Claude needs? Claude will tell you it cannot complete the task and explain what it was trying to do. You can then decide whether to allow it or take a different approach.
Q: Does the allow list make Claude do things automatically? Only if you are in auto mode. In default mode, Claude still describes what it is doing and shows you the output -- it just does not pause to ask permission for allowed tools.
Q: Can I change permissions in the middle of a session?
Yes. You can type /config in Claude Code to adjust settings, or choose "Always allow" / "No" on individual permission prompts.
Try It Yourself
Step 1: Observe the Default Behavior
Start Claude Code normally and try these actions:
> Read my-notes.txt
> Create a new file called test-permissions.txt with the text "Hello"
> Run the command: dir
Notice which actions ask for permission and which do not (depending on your current settings).
Step 2: Try Always Allow
When Claude asks permission for the Edit or Write tool, press A (Always allow). Then ask Claude to make another edit:
> Add a second line to test-permissions.txt that says "Testing permissions"
Notice that Claude does not ask this time -- it edits directly because you chose "Always allow" for this session.
Step 3: Restart and Observe the Reset
Close Claude Code (press Ctrl+C or type /exit) and start it again:
claude
Now ask Claude to edit the same file:
> Change "Testing permissions" to "Permissions are working" in test-permissions.txt
Claude should ask for permission again because the "Always allow" from the previous session did not persist.
If you observed permission prompts, used "Always allow," saw it take effect, and then saw it reset after restarting, you understand how session-based permissions work. In the next lesson, you will learn how to make these settings permanent.
What You Learned
- Why permissions exist: To keep you in control of what Claude does on your computer
- Three modes: Default (asks for most things), Plan (shows a plan first), Auto (minimal prompts)
- Allow list: Tools that Claude can use without asking
- Deny list: Tools that Claude is blocked from using entirely
- Neither list: Tools that Claude asks about each time
- Permission prompt: Y (once), N (reject), A (allow for session)
- Session vs permanent: "Always allow" in a session resets when you restart
How was this lesson? Take 2 minutes to share your feedback — it helps us make the tutorials better for everyone.