AI-101

Lesson 18

Permission Rules

AI Confidence: 90%

AI-generated

Permission Rules

Learning Objectives

Create allowlist rules for trusted commands

Create deny rules to block dangerous operations

Use /permissions to manage rules

Scope rules to sessions, projects, or globally

Understand how rules combine and take precedence

Introduction

Permission modes control the overall approach. Permission rules control specifics. With rules, you can say "always allow npm test" or "never allow rm -rf" regardless of which mode you are in.

Rules give you fine-grained control. You build a list of what is allowed, what is denied, and what should ask. Over time, this list reflects your workflow.

This lesson teaches you how to create and manage permission rules.

Opening the Permissions Interface

The /permissions command opens the rule manager:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

You see:

Current rules organized by scope

Options to add or remove rules

Recent auto mode denials (if using auto mode)

Working directory settings

Navigate with arrow keys, Enter to select.

Allow Rules

Allow rules let specific actions happen without asking.

Allow a specific command:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Claude can run npm test without prompting you.

Allow a pattern:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Claude can run any npm script without asking.

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Claude can run any git command without asking.

Allow a tool:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Claude can edit files without asking. Use carefully.

Deny Rules

Deny rules block actions even if they would otherwise be allowed.

Deny dangerous commands:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Claude cannot run recursive delete even in auto mode.

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Claude cannot force push.

Deny tools:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Claude cannot create new files. It can still edit existing files.

Deny rules take precedence over allow rules. If something is denied, it is denied.

Rule Syntax

Rules follow this format:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Actions:

Allow - Permit without asking

Deny - Block entirely

Ask - Always ask (the default)

Tools:

Bash - Shell commands

Edit - File editing

Write - Creating new files

Read - Reading files (rarely restricted)

Skill - Invoking skills

MCP tool names

Patterns:

Exact match: Bash(npm test)

Prefix match: Bash(npm *)

Multiple patterns: Bash(git commit *, git push *)

Rule Scopes

Rules can apply at different levels:

Session scope:

Applies only to the current session. Gone when you exit.

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Project scope:

Applies to this project directory. Stored in .claude/settings.json.

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

User scope:

Applies to all your projects. Stored in ~/.claude/settings.json.

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Higher scopes have priority over lower ones when there is a conflict.

Adding Rules

Through /permissions:

Run /permissions

Select "Add rule"

Choose scope

Enter the rule

Through conversation:

You can also ask Claude:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Claude adds the rule for you.

In settings.json:

Edit the settings file directly:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop
Removing Rules

Through /permissions:

Run /permissions

Navigate to the rule

Select "Remove"

In settings.json:

Delete the rule from the array.

Common Rule Patterns

Development commands:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Git commands:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Safety denials:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Skill restrictions:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Block skills you do not want Claude invoking automatically.

Reviewing Auto Mode Denials

When using auto mode, /permissions shows recent denials:

[@portabletext/react] Unknown block type "codeBlock", specify a component for it in the `components.types` prop

Select "Review auto mode denials" to see what the classifier blocked. This helps you understand what auto mode considers risky and decide if you want to add allow rules for legitimate actions.

How Rules Combine

When Claude wants to do something:

Check deny rules. If denied, block it.

Check allow rules. If allowed, do it.

Check permission mode. In auto mode, use classifier. In default mode, ask.

Order matters: deny beats allow beats mode defaults.

Scope precedence:

User rules override project rules override session rules. This lets you set organization-wide denials that projects cannot override.

Key Takeaways

Allow rules permit actions without asking

Deny rules block actions entirely

Rules use Tool(pattern) syntax with wildcards

Scope rules to session, project, or user level

Deny rules take precedence over allow rules

Use /permissions to manage rules interactively

Build rules over time as you learn your workflow

Try It Yourself

Practice permission rules:

Run /permissions to see current rules.

Add an allow rule: Allow: Bash(echo *).

Ask Claude to run an echo command. Notice no prompt.

Add a deny rule: Deny: Bash(rm *).

Ask Claude to delete a file. Notice it is blocked.

Remove the echo allow rule.

Ask Claude to echo again. Notice the prompt returns.

This exercise shows how rules control Claude's behavior.

Sources

https://code.claude.com/docs/en/permissions - Complete permission rule documentation

https://code.claude.com/docs/en/settings - Settings file format for rules

https://code.claude.com/docs/en/commands - /permissions command reference