Permissions Reference
Claude Code uses a permission system to control what actions Claude can take. This reference covers all permission settings.
Permission Modes
Claude Code supports different permission modes that control how much Claude can do without asking:
| Mode | Description |
|---|---|
| Default | Claude asks permission for each potentially risky action (file edits, commands, etc.) |
| Plan mode | Claude can only read files and search — no edits, no commands |
| Yolo mode | Claude runs all actions without asking (use with caution!) |
Tool Permissions
Each tool can be individually configured in the allowlist or denylist.
Built-In Tools
| Tool | What It Does | Risk Level |
|---|---|---|
| Read | Read file contents | Low |
| Glob | Find files by name pattern | Low |
| Grep | Search file contents | Low |
| Edit | Modify file contents | Medium |
| Write | Create or overwrite files | Medium |
| Bash | Run terminal commands | High |
| WebSearch | Search the internet | Low |
| WebFetch | Fetch content from a URL | Low |
| Agent | Spawn a subagent for subtasks | Medium |
Configuring Tool Permissions
In your settings.json (project or global):
```json
{
  "permissions": {
    "allow": [
      "Read",
      "Glob",
      "Grep",
      "WebSearch",
      "WebFetch"
    ],
    "deny": [
      "Bash(rm -rf *)",
      "Bash(sudo *)"
    ]
  }
}
```
Allowlist Rules
Allowlist entries auto-approve specific tools or tool+argument patterns:
| Pattern | What It Allows |
|---|---|
| "Read" | All file reads without prompting |
| "Edit" | All file edits without prompting |
| "Bash(npm test)" | Only the exact command npm test |
| "Bash(git *)" | Any command starting with git |
| "Edit(src/**)" | Edits only within the src/ directory |
Denylist Rules
Denylist entries block specific tools or patterns entirely:
| Pattern | What It Blocks |
|---|---|
| "Bash(rm -rf *)" | Any recursive force-delete command |
| "Bash(sudo *)" | Any command using sudo |
| "Edit(.env*)" | Edits to environment files |
| "Write(*.exe)" | Creating executable files |
Settings File Locations
| Scope | Location |
|---|---|
| Global | ~/.claude/settings.json |
| Project | .claude/settings.json (in project root) |
Project settings override global settings. Denylist entries cannot be overridden — if something is denied globally, project settings cannot allow it.
Best Practices
- Start restrictive: Begin with default permissions and add allowlist entries as needed
- Allowlist read-only tools: Read, Glob, Grep, WebSearch, and WebFetch are safe to auto-approve
- Be specific with Bash: Use patterns like Bash(npm test) instead of allowing all Bash commands
- Protect sensitive files: Deny edits to .env, credentials, and config files containing secrets
- Review before committing: Keep Bash(git commit *) off the allowlist until you trust the workflow
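
The practices above can be checked mechanically against a settings file. The following Python script is an added example, not part of Claude Code or of the original page; the `audit` function, its finding messages and the sample settings are constructed for illustration, and `fnmatch` globbing stands in for the real pattern matcher (an assumption).

```python
import json
from fnmatch import fnmatchcase

# Risk levels copied from the Built-In Tools table on this page.
RISK = {"Read": "Low", "Glob": "Low", "Grep": "Low", "WebSearch": "Low",
        "WebFetch": "Low", "Edit": "Medium", "Write": "Medium",
        "Agent": "Medium", "Bash": "High"}

def parse_rule(rule):
    """Split 'Tool(pattern)' into (tool, pattern); a bare tool has pattern None."""
    if rule.endswith(")") and "(" in rule:
        tool, pattern = rule[:-1].split("(", 1)
        return tool, pattern
    return rule, None

def audit(settings):
    """Return a list of findings for a parsed settings.json dict."""
    perms = settings.get("permissions", {})
    allow = [parse_rule(r) for r in perms.get("allow", [])]
    deny = [parse_rule(r) for r in perms.get("deny", [])]
    findings = []
    for tool, pattern in allow:
        risk = RISK.get(tool, "Unknown")  # tools not in the table are treated as risky
        rule = tool if pattern is None else f"{tool}({pattern})"
        if risk != "Low" and pattern in (None, "*", "**"):
            findings.append(f"{rule}: auto-approves every {tool} call ({risk} risk)")
        elif tool == "Bash" and fnmatchcase("git commit -m msg", pattern):
            # Assumption: fnmatch-style globbing approximates the real matcher.
            findings.append(f"{rule}: auto-approves git commit")
    # Write can overwrite files too, so check it alongside Edit.
    for tool in ("Edit", "Write"):
        if not any(t == tool and (p is None or fnmatchcase(".env", p))
                   for t, p in deny):
            findings.append(f"deny list has no {tool} rule covering .env")
    return findings

# Constructed sample settings, not taken from a real project.
SAMPLE = json.loads("""
{"permissions": {
  "allow": ["Read", "Grep", "Bash(npm test)", "Bash(git *)", "Edit"],
  "deny": ["Bash(sudo *)", "Edit(.env*)"]
}}
""")

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On the sample, the broad `Bash(git *)` entry is reported because it also covers `git commit`, which the last practice says to keep off the allowlist.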