Permissions and Access Control
Explore the permissions system in Claude Code to manage tool access using allow and deny patterns. Understand the precedence rules, the prompt fallback for unmatched calls, and how to design a minimal, secure permission set following the principle of least privilege. This lesson equips you to enforce access control effectively in production projects that use Claude Code.
The permissions system is how Claude Code enforces access control at the harness level, independent of what Claude decides. When a tool call matches a deny pattern, Claude Code cancels it regardless of Claude’s reasoning. When it matches an allow pattern, it proceeds without prompting the user. For everything else, Claude Code pauses and asks. This lesson covers the pattern syntax, precedence rules, and the practical design of a minimal permission set for a production project. By the end of this lesson, we will be able to:
- Write `allow` and `deny` patterns using the correct syntax for built-in tools.
- Explain the precedence rule when an `allow` and a `deny` pattern both match the same tool call.
- Identify what happens when a tool call matches neither `allow` nor `deny`.
- Design a permission set that follows the principle of least privilege.
Pattern syntax
Permission patterns use the form ToolName(argument-pattern). The tool name matches one of Claude Code’s built-in tools. The argument pattern is a glob applied to the relevant argument of that tool call. The built-in tools and their matchable arguments are:
| Tool | Matched Argument |
| --- | --- |
| Bash | The shell command string |
| Read | The file path |
| Edit | The file path |
| Write | The file path |
| Glob | The glob pattern argument |
| Grep | The search pattern |
| WebFetch | The URL |
| WebSearch | The search query |
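As an added worked example (not code from this lesson and not Claude Code's own implementation), the following Python models the decision rule described at the top of the lesson using the `Tool(argument-pattern)` syntax from this section: rules are parsed, the deny list is checked before the allow list, and a call that matches neither falls through to "ask". It assumes the argument pattern is a shell-style glob matched with `fnmatch`, where `*` also crosses `/`; the real harness's matching details, especially for Bash command strings, may differ. `SETTINGS` is a constructed least-privilege rule set in the shape of the `permissions` object in Claude Code's settings.json, and the sample tool calls are constructed as well.

```python
"""Model of Claude Code's deny / allow / ask decision for a single tool call.

Added illustration, not Claude Code's own code. Rules use the
Tool(argument-pattern) form; the argument pattern is treated as a
shell-style glob via fnmatch, where `*` also crosses `/` (an assumption:
the real harness's matching details may differ).
"""
import fnmatch
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Tool(pattern), or a bare tool name which covers every call to that tool.
RULE_RE = re.compile(r"^(?P<tool>[A-Za-z_]+)(?:\((?P<arg>.*)\))?$")


@dataclass(frozen=True)
class Rule:
    tool: str
    arg_pattern: Optional[str]  # None: the rule covers every argument


def parse_rule(text: str) -> Rule:
    """Parse one permission rule string such as 'Bash(npm run test*)'."""
    m = RULE_RE.match(text.strip())
    if m is None:
        raise ValueError(f"malformed permission rule: {text!r}")
    return Rule(m.group("tool"), m.group("arg"))


def rule_matches(rule: Rule, tool: str, argument: str) -> bool:
    """True when the rule names this tool and its glob matches the argument."""
    if rule.tool != tool:
        return False
    if rule.arg_pattern is None:
        return True
    return fnmatch.fnmatchcase(argument, rule.arg_pattern)


def decide(permissions: Dict[str, List[str]], tool: str, argument: str) -> str:
    """Return 'deny', 'allow' or 'ask' for one tool call.

    Order matters: deny is evaluated first, so a deny match wins even when an
    allow pattern also matches. A call matching neither list is not silently
    allowed; it falls back to prompting the user.
    """
    deny = [parse_rule(r) for r in permissions.get("deny", [])]
    allow = [parse_rule(r) for r in permissions.get("allow", [])]
    if any(rule_matches(r, tool, argument) for r in deny):
        return "deny"
    if any(rule_matches(r, tool, argument) for r in allow):
        return "allow"
    return "ask"


# Constructed least-privilege set in the shape of the "permissions" object in
# Claude Code's settings.json. Allow only routine, reversible operations the
# project needs; deny secrets and anything that leaves the machine, even where
# a broader allow pattern would otherwise cover it.
SETTINGS = {
    "permissions": {
        "allow": [
            "Read(src/**)",
            "Edit(src/**)",
            "Bash(npm run test*)",
            "Bash(git diff*)",
            "Bash(git status*)",
        ],
        "deny": [
            "Read(*.env)",          # any .env file, at any depth (fnmatch * crosses /)
            "Read(*.env.*)",        # .env.local, .env.production, ...
            "Edit(src/secrets/*)",  # overlaps Edit(src/**); deny still wins
            "Bash(git push*)",
            "Bash(curl*)",
        ],
    }
}


def audit(permissions: Dict[str, List[str]],
          calls: List[Tuple[str, str]]) -> List[Tuple[str, str, str]]:
    """Evaluate a batch of (tool, argument) calls; useful when reviewing a rule set."""
    return [(tool, arg, decide(permissions, tool, arg)) for tool, arg in calls]


if __name__ == "__main__":
    sample_calls = [  # constructed sample calls
        ("Bash", "npm run test"),
        ("Bash", "git push origin main"),
        ("Bash", "rm -rf node_modules"),
        ("Read", "src/config/.env"),
        ("Edit", "src/secrets/key.pem"),
        ("Read", "README.md"),
    ]
    for tool, arg, verdict in audit(SETTINGS["permissions"], sample_calls):
        print(f"{verdict:5}  {tool}({arg})")
```

Running the block prints one verdict per sample call. The instructive cases are `Read(src/config/.env)` and `Edit(src/secrets/key.pem)`, which both match an allow pattern yet are denied because deny is evaluated first, and `rm -rf node_modules`, which matches nothing and therefore prompts. Keep the deny list under version control alongside the allow list: because of the precedence rule, a later and broader allow entry cannot silently reopen what deny has closed.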
Glob ...