Permissions and Access Control

Explore the permissions system in Claude Code to manage tool access using allow and deny patterns. Understand precedence rules, the prompt fallback for unmatched calls, and design minimal, secure permission sets following the principle of least privilege. This lesson equips you to enforce access control effectively in AI production projects.

The permissions system is how Claude Code enforces access control at the harness level, independent of what Claude decides. When a tool call matches a deny pattern, Claude Code cancels it regardless of Claude’s reasoning. When it matches an allow pattern, it proceeds without prompting the user. For everything else, Claude Code pauses and asks. This lesson covers the pattern syntax, precedence rules, and the practical design of a minimal permission set for a production project. By the end of this lesson, we will be able to:

  • Write allow and deny patterns using the correct syntax for built-in tools.

  • Explain the precedence rule when an allow and a deny pattern both match the same tool call.

  • Identify what happens when a tool call matches neither allow nor deny.

  • Design a permission set that follows the principle of least privilege.

Pattern syntax

Permission patterns use the form ToolName(argument-pattern). The tool name matches one of Claude Code’s built-in tools. The argument pattern is a glob applied to the relevant argument of that tool call. The built-in tools and their matchable arguments are:

| Tool      | Matched Argument          | Example Pattern                        |
|-----------|---------------------------|----------------------------------------|
| Bash      | The shell command string  | Bash(git *)                            |
| Read      | The file path             | Read(src/**)                           |
| Write     | The file path             | Write(src/**)                          |
| Edit      | The file path             | Edit(src/**)                           |
| Glob      | The glob pattern argument | Glob(**)                               |
| Grep      | The search pattern        | Grep(**)                               |
| WebFetch  | The URL                   | WebFetch(https://docs.anthropic.com/*) |
| WebSearch | The search query          | WebSearch(*)                           |
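
The deny, allow, then prompt order described above can be modelled in a few lines of Python. This is an added example, not Claude Code's own code or code from the lesson. Assumptions: Python's fnmatchcase stands in for the real glob matcher, deny rules are evaluated before allow rules, and the rule lists and the function names (parse, matches, decide, overly_broad) are constructed for illustration.

```python
import re
from fnmatch import fnmatchcase

# Constructed rule sets for illustration; not taken from the lesson.
DENY = ["Bash(git push *)", "Read(.env*)", "Write(.github/**)"]
ALLOW = ["Bash(git *)", "Read(src/**)", "Edit(src/**)",
         "WebFetch(https://docs.anthropic.com/*)"]

RULE = re.compile(r"^(?P<tool>[A-Za-z]+)\((?P<pattern>.*)\)$")


def parse(rule):
    """Split 'ToolName(argument-pattern)' into (tool, pattern)."""
    m = RULE.match(rule)
    if m is None:
        raise ValueError(f"malformed permission rule: {rule!r}")
    return m.group("tool"), m.group("pattern")


def matches(rule, tool, argument):
    """True if the rule names this tool and its glob matches the argument."""
    rule_tool, pattern = parse(rule)
    # Assumption: fnmatchcase stands in for the real matcher ('*' also crosses '/').
    return rule_tool == tool and fnmatchcase(argument, pattern)


def decide(tool, argument, allow=ALLOW, deny=DENY):
    """Return 'deny', 'allow' or 'ask' for one tool call."""
    if any(matches(r, tool, argument) for r in deny):
        return "deny"    # checked first, so an overlapping allow cannot override it
    if any(matches(r, tool, argument) for r in allow):
        return "allow"   # proceeds without prompting
    return "ask"         # matched neither list: pause and prompt the user


def overly_broad(allow):
    """Least-privilege lint: allow rules whose pattern is only a wildcard."""
    return [r for r in allow if parse(r)[1] in ("*", "**")]


if __name__ == "__main__":
    calls = [("Bash", "git status"), ("Bash", "git push origin main"),
             ("Read", ".env.local"), ("Write", "src/app.py")]
    for tool, arg in calls:
        print(f"{tool}({arg}) -> {decide(tool, arg)}")
    print("broad allow rules:", overly_broad(ALLOW + ["WebSearch(*)"]))
```

Running overly_broad over a proposed allow list before committing it is a quick way to spot rules that grant a whole tool rather than a scoped slice of it.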

Glob ...