Configuration

Claude Code Tool Permissions: Allowlist and Settings

Manage Claude Code tool permissions with allowedTools, /permissions, settings files, CLI flags, least privilege examples, and safe allowlist defaults.

Claude Code Tool Permissions

Claude Code requests permission for operations that can read, edit, run commands, or touch external tools. Manage the allowlist with /permissions, allowedTools, settings files, and CLI flags so automation stays useful without giving every session full access.

Quick Answer

Start with read-only tools, then allow only the command families your workflow needs:

{
  "permissions": {
    "allow": [
      "Read",
      "Glob",
      "Grep",
      "LS",
      "Bash(git status)",
      "Bash(git diff *)"
    ]
  }
}

Use broader permissions only in disposable containers or trusted repositories. For CI and headless runs, prefer explicit --allowedTools flags over a permanent broad allowlist.

When Not To Skip Permissions

If you are searching for claude --dangerously-skip-permissions, use it only as a last resort in a disposable or tightly isolated environment.

SituationUse --dangerously-skip-permissions?Safer default
Normal project workNo.Add the smallest allowedTools entries you need.
Production repo with secretsNo.Keep prompts interactive and deny destructive commands.
CI or scripted reviewUsually no.Pass explicit --allowedTools for that job.
Throwaway container with no secrets and no network riskSometimes.Mount only the target workspace and discard the container after use.

This flag bypasses permission checks. It is not a productivity setting for everyday development.

Permission Management Methods

1. Session Selection

When Claude requests tool permissions, choose "Always allow":

Claude requests to use Edit tool
[ ] Allow once only
[x] Always allow
[ ] Deny

2. Using /permissions Command

Use permission commands in Claude Code sessions:

/permissions add Edit
/permissions add Bash(git commit:*)
/permissions add mcp__puppeteer__puppeteer_navigate
/permissions remove Bash(rm:*)
/permissions list

3. Manual Configuration File Editing

Edit .claude/settings.json, ~/.claude/settings.json, or another Claude Code settings file:

{
  "permissions": {
    "allow": ["Read", "Edit", "Bash(git *)", "Bash(npm *)", "Bash(pnpm *)"],
    "deny": ["Bash(rm -rf *)", "Bash(sudo *)"]
  }
}

4. Using CLI Flags

Set permissions for specific sessions:

claude --allowedTools "Read,Edit,Bash(git *)"

Safe Basic Permissions

{
  "permissions": {
    "allow": ["Read", "Glob", "Grep", "LS"]
  }
}

Common Development Permissions

{
  "permissions": {
    "allow": [
      "Read",
      "Edit",
      "MultiEdit",
      "Bash(git *)",
      "Bash(npm *)",
      "Bash(pnpm *)",
      "Bash(yarn *)"
    ]
  }
}

Full Development Permissions

{
  "permissions": {
    "allow": [
      "Read",
      "Edit",
      "MultiEdit",
      "Bash(git *)",
      "Bash(npm *)",
      "Bash(pnpm *)",
      "Bash(docker *)",
      "Bash(gh *)",
      "WebFetch"
    ]
  }
}

Risk Level Classification

🟢 Low Risk Tools

Recommended to always allow:

  • Read - Read files
  • Glob - File pattern matching
  • Grep - Text search
  • LS - List directories
  • WebFetch - Fetch web content

🟡 Medium Risk Tools

Use with caution:

  • Write - Write files
  • Edit - Edit files
  • MultiEdit - Batch editing
  • Bash(git:*) - Git operations
  • Bash(npm:*) - Package management

🔴 High Risk Tools

Requires confirmation:

  • Bash(rm:*) - Delete operations
  • Bash(sudo:*) - Admin privileges
  • Bash(curl:*) - Network requests
  • Bash(chmod:*) - Permission modifications

Security Best Practices

1. Principle of Least Privilege

Only grant necessary permissions:

{
  "permissions": {
    "allow": [
      "Read",
      "Edit",
      "Bash(git status)",
      "Bash(git diff *)",
      "Bash(npm test)"
    ]
  }
}

2. Environment Isolation

Use loose permissions in containers or VMs:

# In Docker container
docker run -it --rm -v $(pwd):/workspace node:18
claude --dangerously-skip-permissions

Do not run that command from your normal repository checkout if the shell has production credentials, cloud tokens, SSH keys, or access to unrelated projects.


Next: GitHub CLI Integration - Learn how to integrate gh command-line tool.