Search⌘ K
AI Features

Permissions and Access Control

Explore how Claude Code manages permissions to control access and tool usage safely in AI projects. Understand pattern syntax, precedence between allow and deny rules, and how to design minimal permission sets that follow the principle of least privilege. This lesson equips you to configure secure, production-ready Claude Code workflows by balancing automation with user approval for sensitive actions.

The permissions system is how Claude Code enforces access control at the harness level, independent of what Claude decides. When a tool call matches a deny pattern, Claude Code cancels it regardless of Claude’s reasoning. When it matches an allow pattern, it proceeds without prompting the user. For everything else, Claude Code pauses and asks. This lesson covers the pattern syntax, precedence rules, and the practical design of a minimal permission set for a production project. By the end of this lesson, we will be able to:

  • Write allow and deny patterns using the correct syntax for built-in tools.

  • Explain the precedence rule when an allow and a deny pattern both match the same tool call.

  • Identify what happens when a tool call matches neither allow nor deny.

  • Design a permission set that follows the principle of least privilege.

Pattern syntax

Permission patterns use the form ToolName(argument-pattern). The tool name matches one of Claude Code’s built-in tools. The argument pattern is a glob applied to the relevant argument of that tool call. The built-in tools and their matchable arguments are:

Tool

Matched Argument

Example Pattern

Bash

The shell command string

Bash(git *)

Read

The file path

Read(src/**)

Write

The file path

Write(src/**)

Edit

The file path

Edit(src/**)

Glob

The glob pattern argument

Glob(**)

Grep

The search pattern

Grep(**)

WebFetch

The URL

WebFetch(https://docs.anthropic.com/*)

WebSearch

The search query

WebSearch(*)

Glob ...