Claude Code Permissions Configuration Memo
Source: Notion | Last edited: 2025-07-08 | ID: 22a2d2dc-3ef...
Overview
Section titled “Overview”Claude Code uses a hierarchical permission system with multiple configuration levels. Settings are applied in order of priority, with higher levels overriding lower ones.
Permission Hierarchy (Highest to Lowest Priority)
Section titled “Permission Hierarchy (Highest to Lowest Priority)”1. Enterprise Policies (Highest Priority)
Section titled “1. Enterprise Policies (Highest Priority)”- Location:
- macOS:
/Library/Application Support/ClaudeCode/managed-settings.json - Linux/Windows:
/etc/claude-code/managed-settings.json
- macOS:
- Purpose: Organization-wide policies that cannot be overridden
- Managed by: IT administrators
- Current Status: None configured
2. Command Line Arguments
Section titled “2. Command Line Arguments”- Examples:
-dangerously-skip-permissions,-permission-mode - Purpose: Session-specific overrides
- Scope: Current session only
- Usage:
claude --dangerously-skip-permissions
3. Local Project Settings
Section titled “3. Local Project Settings”- Location:
.claude/settings.local.json - Purpose: Personal project-specific settings
- Scope: Current project only
- Git Status: Not tracked (personal)
- Current:
/Users/terryli/eon/gasab/.claude/settings.local.json✅ ACTIVE
4. Shared Project Settings
Section titled “4. Shared Project Settings”- Location:
.claude/settings.json - Purpose: Team-shared project settings
- Scope: Current project for all team members
- Git Status: Tracked and shared
- Current Status: None configured
5. User Settings (Lowest Priority)
Section titled “5. User Settings (Lowest Priority)”- Location:
~/.claude/settings.json - Purpose: Personal global settings
- Scope: All Claude Code sessions for the user
- Current Status: None configured
Current Configuration Status
Section titled “Current Configuration Status”Active Configuration: Local Project Settings Only
- File:
/Users/terryli/eon/gasab/.claude/settings.local.json - Permissions: Allows specific bash commands and docs.anthropic.com web fetching
Configuration Options Examples
Section titled “Configuration Options Examples”Basic Permission Structure
Section titled “Basic Permission Structure”{ "permissions": { "allow": [ "Bash(grep:*)", "Bash(python:*)", "Bash(ls:*)", "Bash(find:*)", "Bash(git add:*)", "Bash(git commit:*)", "WebFetch(domain:docs.anthropic.com)" ], "deny": [] }}Advanced Options
Section titled “Advanced Options”{ "permissions": { "allow": ["Bash(*)", "WebFetch(*)"], "deny": ["Bash(rm:*)", "Bash(sudo:*)"] }, "dangerouslySkipPermissions": true, "defaultPermissionMode": "acceptEdits"}Configuration Strategy
Section titled “Configuration Strategy”For This Project Only
Section titled “For This Project Only”Edit: /Users/terryli/eon/gasab/.claude/settings.local.json
For All Your Sessions
Section titled “For All Your Sessions”Create: ~/.claude/settings.json
For Your Team
Section titled “For Your Team”Create: /Users/terryli/eon/gasab/.claude/settings.json
Quick Actions
Section titled “Quick Actions”Skip All Permissions (Temporary)
Section titled “Skip All Permissions (Temporary)”claude --dangerously-skip-permissionsSet Permission Mode (Temporary)
Section titled “Set Permission Mode (Temporary)”claude --permission-mode acceptEditsCreate User-Level Config
Section titled “Create User-Level Config”mkdir -p ~/.claudeecho '{"dangerouslySkipPermissions": true}' > ~/.claude/settings.jsonSecurity Considerations
Section titled “Security Considerations”dangerouslySkipPermissionsbypasses safety guardrails- Use specific allowlists rather than broad permissions
- Local project settings are personal and not shared
- Enterprise policies cannot be overridden by users
Next Steps
Section titled “Next Steps”- Current: You have project-specific permissions configured
- Consider: Creating user-level defaults in
~/.claude/settings.json - Team: Add shared project settings if working with others
- Security: Review and tighten permissions as needed
Created: Tuesday 2025-07-08 15:18:08 Vancouver GMT-07:00
Purpose: Reference for Claude Code permission configuration