Claude Code Tool Permissions: Allowlist and Settings
Manage Claude Code tool permissions with allowedTools, /permissions, settings files, CLI flags, least privilege examples, and safe allowlist defaults.
Claude Code Tool Permissions
Claude Code requests permission for operations that can read, edit, run commands, or touch external tools. Manage the allowlist with /permissions, allowedTools, settings files, and CLI flags so automation stays useful without giving every session full access.
Quick Answer
Start with read-only tools, then allow only the command families your workflow needs:
{
"permissions": {
"allow": [
"Read",
"Glob",
"Grep",
"LS",
"Bash(git status)",
"Bash(git diff *)"
]
}
}Use broader permissions only in disposable containers or trusted repositories. For CI and headless runs, prefer explicit --allowedTools flags over a permanent broad allowlist.
When Not To Skip Permissions
If you are searching for claude --dangerously-skip-permissions, use it only as a last resort in a disposable or tightly isolated environment.
| Situation | Use --dangerously-skip-permissions? | Safer default |
|---|---|---|
| Normal project work | No. | Add the smallest allowedTools entries you need. |
| Production repo with secrets | No. | Keep prompts interactive and deny destructive commands. |
| CI or scripted review | Usually no. | Pass explicit --allowedTools for that job. |
| Throwaway container with no secrets and no network risk | Sometimes. | Mount only the target workspace and discard the container after use. |
This flag bypasses permission checks. It is not a productivity setting for everyday development.
Permission Management Methods
1. Session Selection
When Claude requests tool permissions, choose "Always allow":
Claude requests to use Edit tool
[ ] Allow once only
[x] Always allow
[ ] Deny2. Using /permissions Command
Use permission commands in Claude Code sessions:
/permissions add Edit
/permissions add Bash(git commit:*)
/permissions add mcp__puppeteer__puppeteer_navigate
/permissions remove Bash(rm:*)
/permissions list3. Manual Configuration File Editing
Edit .claude/settings.json, ~/.claude/settings.json, or another Claude Code settings file:
{
"permissions": {
"allow": ["Read", "Edit", "Bash(git *)", "Bash(npm *)", "Bash(pnpm *)"],
"deny": ["Bash(rm -rf *)", "Bash(sudo *)"]
}
}4. Using CLI Flags
Set permissions for specific sessions:
claude --allowedTools "Read,Edit,Bash(git *)"Recommended Permission Configurations
Safe Basic Permissions
{
"permissions": {
"allow": ["Read", "Glob", "Grep", "LS"]
}
}Common Development Permissions
{
"permissions": {
"allow": [
"Read",
"Edit",
"MultiEdit",
"Bash(git *)",
"Bash(npm *)",
"Bash(pnpm *)",
"Bash(yarn *)"
]
}
}Full Development Permissions
{
"permissions": {
"allow": [
"Read",
"Edit",
"MultiEdit",
"Bash(git *)",
"Bash(npm *)",
"Bash(pnpm *)",
"Bash(docker *)",
"Bash(gh *)",
"WebFetch"
]
}
}Risk Level Classification
🟢 Low Risk Tools
Recommended to always allow:
Read- Read filesGlob- File pattern matchingGrep- Text searchLS- List directoriesWebFetch- Fetch web content
🟡 Medium Risk Tools
Use with caution:
Write- Write filesEdit- Edit filesMultiEdit- Batch editingBash(git:*)- Git operationsBash(npm:*)- Package management
🔴 High Risk Tools
Requires confirmation:
Bash(rm:*)- Delete operationsBash(sudo:*)- Admin privilegesBash(curl:*)- Network requestsBash(chmod:*)- Permission modifications
Security Best Practices
1. Principle of Least Privilege
Only grant necessary permissions:
{
"permissions": {
"allow": [
"Read",
"Edit",
"Bash(git status)",
"Bash(git diff *)",
"Bash(npm test)"
]
}
}2. Environment Isolation
Use loose permissions in containers or VMs:
# In Docker container
docker run -it --rm -v $(pwd):/workspace node:18
claude --dangerously-skip-permissionsDo not run that command from your normal repository checkout if the shell has production credentials, cloud tokens, SSH keys, or access to unrelated projects.
Next: GitHub CLI Integration - Learn how to integrate gh command-line tool.