Skip to main content

Why Permissions Matter

Agents with unrestricted access can:
  • Execute dangerous commands
  • Modify critical files
  • Access sensitive data
  • Make irreversible changes
Permissions create guardrails that let agents work autonomously while keeping humans in control.

Permission Models

Only explicitly permitted actions are allowed:

Denylist

Everything allowed except explicitly denied:

Hybrid

Combine both for fine-grained control:

Configuration by Tool

File: .claude/settings.json

Permission Categories

File Operations

Shell Commands

Network Access

MCP Tools

Permission Patterns

Read-Only Agent

Safe for exploration and analysis:

Development Agent

Standard development workflow:

CI/CD Agent

Deployment with safeguards:

Confirmation Prompts

Require human approval for sensitive actions:

Audit Logging

Track all permission-related events:
Audit log example:

Best Practices

  • Start with minimal permissions, expand as needed
  • Use allowlists over denylists
  • Scope file access to project directories
  • Never allow sudo or rm -rf
  • Require confirmation for destructive actions
  • Enable audit logging in production
  • Review permissions when adding new agents
Security risks:
  • Overly permissive defaults
  • Forgotten legacy permissions
  • Permissions copied between environments
  • Missing audit trails
  • No separation between dev/prod permissions

Security

Comprehensive security practices

Hooks

Add permission checks via hooks