Permissions & Security

Understanding and configuring Claude Code permissions for safe operation


Claude Code operates with a permission system that gives you control over what actions it can perform. Understanding and configuring these permissions properly is essential for both security and productivity.

Permission Model Overview

Claude Code uses a tiered permission system:

| Level | Actions | Approval Required |
|-------|---------|-------------------|
| Read-only | File reading, searching, exploring | Optional |
| Write | File editing, creation, deletion | Yes (configurable) |
| Execute | Running bash commands | Yes (configurable) |
| Network | API calls, web requests | Yes |
| Git | Commits, pushes, branch operations | Yes |

Auto-Approval Configuration

Setting Auto-Approved Tools

Configure which tools run without confirmation:

JSON

Available Tools

| Tool | Description | Risk Level |
|------|-------------|------------|
| Read | Read file contents | Low |
| Glob | Find files by pattern | Low |
| Grep | Search file contents | Low |
| Task | Launch subagents | Low-Medium |
| Edit | Modify files | Medium |
| Write | Create new files | Medium |
| Bash | Execute commands | High |
| WebFetch | Make HTTP requests | Medium |

Recommended Configurations

Conservative (default):

JSON

Requires approval for everything.

Standard development:

JSON

Auto-approves read-only operations.

Trusted project:

JSON

Auto-approves file operations, still requires approval for commands.

Full trust (use with caution):

JSON

Auto-approves everything including bash commands.

Bash Command Permissions

Command Allowlists

Specify safe commands that can run automatically:

JSON

The format is Bash(prefix:pattern):

  • git status:* - Allow any git status command
  • npm test:* - Allow npm test with any arguments
  • pnpm lint:* - Allow pnpm lint commands

Dangerous Commands

Claude Code blocks certain dangerous commands by default:

  • rm -rf / - System destruction
  • sudo without explicit approval
  • Commands that modify system files
  • Package installation in system directories

File System Permissions

Restricting File Access

Use .claudeignore to prevent Claude from accessing certain files:

Text

Protecting Sensitive Files

For additional protection, configure in CLAUDE.md:

Markdown

Network Permissions

API Access Control

Configure allowed network operations:

JSON

MCP Server Permissions

MCP servers have their own permission scopes:

JSON

Git Permissions

Safe Git Operations

By default, these git operations are considered safe:

  • git status
  • git log
  • git diff
  • git branch (listing)

Requiring Approval

These operations always require approval:

  • git commit - Creating commits
  • git push - Pushing to remote
  • git checkout -b - Creating branches
  • git merge - Merging branches
  • git reset - Resetting history

Git Safety Configuration

Markdown

Session-Based Permissions

Temporary Permissions

Grant permissions for the current session only:

Bash

Permission Escalation

When Claude needs additional permissions:

  1. Claude explains what action is needed
  2. You can approve once or for the session
  3. Denied permissions are remembered

Security Best Practices

1. Principle of Least Privilege

Start with minimal permissions and add as needed:

JSON

2. Project Isolation

Use project-specific configurations:

Text

3. Review Before Commit

Always review changes before committing:

Markdown

4. Audit Trail

Keep track of what Claude has done:

Bash

5. Secure Secrets

Never store secrets in:

  • CLAUDE.md
  • settings.json
  • Any tracked files

Instead use:

  • Environment variables
  • Secret managers
  • .env files (gitignored)

Troubleshooting Permissions

Permission Denied Errors

Symptom: "Permission denied" or "Access blocked"

Solutions:

  1. Check .claudeignore for overly broad patterns
  2. Verify file ownership and system permissions
  3. Run Claude from the correct directory

Stuck on Approval

Symptom: Too many approval prompts

Solutions:

  1. Add commonly used tools to autoApprove
  2. Use session-based permissions
  3. Configure command allowlists

Unintended Actions

Symptom: Claude performed unexpected operations

Solutions:

  1. Review and restrict autoApprove list
  2. Use git to revert changes
  3. Add explicit restrictions to CLAUDE.md
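
One way to review an autoApprove list against the risk levels and approval rules listed on this page, as an added example (not Claude Code's own code). It assumes entries are either plain tool names or `Bash(prefix:pattern)` strings; the function name `audit_auto_approve` and the sample list are constructed for illustration.

```python
import re

# Risk levels copied from the "Available Tools" table on this page.
TOOL_RISK = {"Read": "Low", "Glob": "Low", "Grep": "Low", "Task": "Low-Medium",
             "Edit": "Medium", "Write": "Medium", "WebFetch": "Medium", "Bash": "High"}

# Command prefixes the page says always need approval or are blocked by default.
NEEDS_APPROVAL = ("git commit", "git push", "git checkout -b", "git merge",
                  "git reset", "sudo", "rm -rf /")

# Assumed entry shape: "Tool" or "Bash(prefix:pattern)", per the format above.
BASH_RULE = re.compile(r"^Bash\((?P<prefix>[^:()]+):(?P<pattern>[^()]*)\)$")


def audit_auto_approve(entries):
    """Return (entry, severity, reason) findings for an autoApprove list."""
    findings = []
    for entry in entries:
        rule = BASH_RULE.match(entry)
        if rule:
            prefix = rule.group("prefix").strip()
            hit = next((c for c in NEEDS_APPROVAL
                        if prefix == c or prefix.startswith(c + " ")), None)
            if hit:
                findings.append((entry, "High", f"auto-approves '{hit}'"))
            continue  # scoped Bash rule with an unlisted prefix: no finding
        risk = TOOL_RISK.get(entry)
        if risk is None:
            # Also catches malformed Bash(...) entries that failed the regex.
            findings.append((entry, "Unknown", "not a tool listed on this page"))
        elif risk == "High":
            findings.append((entry, "High", "unscoped Bash auto-approves any command"))
        elif risk != "Low":
            findings.append((entry, risk, "page rates this tool above Low"))
    return findings


if __name__ == "__main__":
    # Constructed sample list, not taken from a real settings file.
    sample = ["Read", "Grep", "Edit", "Bash(git status:*)",
              "Bash(git push:*)", "Bash", "Shell"]
    for finding in audit_auto_approve(sample):
        print(finding)
```

An empty result means every entry is either a Low-risk tool or a Bash rule scoped to a prefix that this page does not list as dangerous or approval-required.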

Generated with AI using Claude AI by Anthropic

Model: Claude Opus 4.5 · Generated: 2025-12-20 · Build: v1.21.0-75762dc
