How To Modify Approvals in Claude Code

Claude Code is an AI-powered development assistant that can execute commands and modify files on your behalf.

To maintain security and control, Claude Code uses JSON configuration files to determine which actions it can perform automatically and which require your explicit approval.

In this guide, you'll learn how these settings work and how to use wildcard permissions to streamline your workflow while maintaining security.

How To Modify Approvals in Claude Code

Claude Code uses a permission system that allows you to control which commands require approval before execution. This guide will show you how to configure these permissions for both individual projects and globally.

Understanding the Permission System

Claude Code's permission system uses three categories:

• allow: Commands that run without asking for approval
• deny: Commands that are blocked from running
• ask: Commands that require explicit approval each time

Project-Level Permissions

Inside your project, you'll find a .claude/settings.local.json file that contains your project-specific permissions:

{
  "permissions": {
    "allow": [
      "Bash(mkdir:*)",
      "Bash(chmod:*)",
      "Bash(./build.sh)",
      "Bash(open:*)",
      "Bash(pkill:*)",
      "Bash(log show:*)",
      "Bash(build/Curtain.app/Contents/MacOS/Curtain:*)"
    ],
    "deny": [],
    "ask": []
  }
}

Using Wildcards for More Permissive Rules

Instead of listing individual commands like:

"Bash(npm build:*)",
"Bash(npm run dev:*)"

You can use a wildcard pattern to allow all variations of a command:

"Bash(npm:*)"

The :* syntax creates a wildcard that matches anything after the command. With "Bash(npm:*)", Claude Code can run:

• npm install
• npm run dev
• npm clean
• Any other npm subcommand

Global Permissions

For permissions you want to apply across all Claude projects, configure them in your global settings file at ~/.claude/settings.json:

{
  "permissions": {
    "additionalDirectories": [
      "/Applications/Cursor.app/Contents/Resources/app/bin"
    ],
    "allow": [
      "Bash(npm:*)"
    ]
  }
}

Global permissions apply to every Claude Code session, saving you from repeatedly configuring common commands.

Best Practices

1. Start restrictive: Begin with specific commands and broaden permissions as needed
2. Use project-level for project-specific tools: Keep build scripts and project tools in .claude/settings.local.json
3. Use global for common tools: Put frequently used commands like npm, git, or python in ~/.claude/settings.json
4. Review regularly: Periodically check your permissions to ensure they match your security requirements

Examples

Allow all git commands globally

"Bash(git:*)"

Allow specific Python scripts in a project

"Bash(python scripts/deploy.py:*)",
"Bash(python -m pytest:*)"

Block dangerous commands

{
  "deny": [
    "Bash(rm -rf /*)",
    "Bash(sudo:*)"
  ]
}

By understanding and configuring Claude Code's approval system, you can create a workflow that balances security with productivity, automating routine commands while maintaining control over sensitive operations.