← 4.64.8 →
1085 words Slides

4.7 Permissions & Approvals

Course: Claude Code - Essentials Section: Claude Desktop App Video Length: 2-5 minutes Presenter: Daniel Treasure

Opening Hook

Claude Code is powerful because it can read, edit, and execute on your behalf. But that power comes with safety guardrails. In this video, you'll learn how Claude's permission system keeps you in control—and why that matters for both security and workflow.

Key Talking Points

1. Why Permissions Matter (The Philosophy)

  • Claude Code can modify your files and run shell commands—that's intentional power
  • But you're always the decision-maker: Claude asks before taking irreversible actions
  • Three permission tiers: read-only (no approval), file edits (session-level), and bash execution (per-command or persistent)

What to say: "Claude isn't going to delete your database or push to production without you knowing. The permission system is built on a simple principle: transparency and control."

What to show on screen: Display a permission approval dialog from the desktop app. Show the desktop app UI with a pending approval prompt visible.

2. The Three Permission Tiers

Explain what doesn't require approval and what does: - Read-only tools: File reads, Grep, Glob—no approval needed (safe to explore) - File modification: Edit, Write commands—approved once per session (applies until session ends) - Bash execution: Shell commands—approved permanently per project directory or per command, depending on your rules

What to say: "When Claude reads your code, it's silent. When it wants to modify something, you'll see an approval dialog. And when it runs bash commands, you decide upfront whether to allow it once, for the session, or permanently."

What to show on screen: Create three visual sections in the desktop app showing each tier. Or show the approval UI in three states: read (no dialog), edit (asking for approval), bash (asking for approval).

3. Permission Modes: Default vs Accept vs Plan

Introduce the four main modes (brief overview—deep dive happens in settings video): - Default: Standard behavior, Claude asks for permission on first use of each tool - Accept Edits: Automatically approves file edits for the session (faster workflow) - Plan Mode: Claude can analyze but not modify files or run commands (safe exploration) - Bypass Permissions: Advanced mode that skips prompts (enterprise/sandbox environments only)

What to say: "Most of the time, you'll use the default mode. But if you're in the zone and confident, you can switch to Accept Edits mode. And if you're reviewing a potentially risky codebase, Plan Mode lets you explore safely."

What to show on screen: Show the mode selector in the desktop app settings or UI. Highlight the toggle or dropdown where users can switch modes.

4. The Approval UI: How It Works

Walk through what happens when Claude needs approval: - A dialog appears with: - What Claude wants to do (the action) - Which tool is requesting it (Bash, Edit, Write) - Context about why (optional details) - User options: Approve once, Approve for this session, Deny, or (in some cases) Always allow/deny

What to say: "When an approval dialog appears, you'll see exactly what Claude is about to do. You can approve just that one action, or tell Claude to remember your answer for the rest of the session."

What to show on screen: Show a real approval dialog from the desktop app. Include context like the command being run or the file being edited. Make it clear and readable.

5. Fine-Grained Permission Rules (Quick Intro)

Mention that advanced users can pre-approve certain actions in settings: - Allow Bash(npm run *) to auto-approve any npm script - Deny Bash(rm -rf *) to block destructive commands - Allow specific file paths to always be editable

What to say: "You don't have to approve every single action. In your settings, you can create rules that pre-approve safe actions—like all npm scripts—while blocking dangerous ones."

What to show on screen: Display a settings JSON snippet showing permission rules (allow, deny, ask). Don't overwhelm—just show one or two examples.

Demo Plan

This is a UI-focused demo. The goal is to show how the approval system feels in real-world use.

  1. Open the desktop app in Claude Code mode
  2. Start a simple task that requires file modification (e.g., "add a comment to index.js")
  3. Trigger an approval dialog by having Claude attempt to edit a file
  4. Show the approval UI with all options visible (Approve once, Approve for session, Deny)
  5. Approve the action and show how the edit proceeds
  6. Open Settings and briefly show the permission mode selector (Default, Accept Edits, Plan)
  7. Exit

This should take 1-2 minutes and demonstrate that: - Approvals are clear and specific - Users are always in control - The workflow isn't cumbersome

Code Examples & Commands

No code needed for this video. Focus is entirely on UI and settings.

Example permission rule (shown in settings.json):

{
  "permissions": {
    "allow": ["Bash(npm run *)", "Read(./)"],
    "deny": ["Bash(rm -rf *)", "Bash(git push origin *)"],
    "ask": ["Bash(curl *)"]
  }
}

Gotchas & Tips

  • Permission approvals reset between sessions: If you approve a file edit "for this session," it expires when the session ends. Start a new session, start fresh
  • Permanent bash approvals are per-directory: A rule allowing npm install in your project root won't apply to a different project
  • Default mode is safest: New users should stick with Default mode until comfortable
  • Deny rules take precedence: If you have both allow and deny rules, deny always wins
  • Plan Mode is your safety net: If you're unsure about a large change, switch to Plan Mode first and review what Claude proposes before allowing execution

Lead-out

"The permission system is your safety net. It keeps Claude accountable and you in control. Now let's move on to working with files and images—because Claude doesn't just edit code, it can also understand and analyze visual content."

Reference URLs

Prep Reading

  • Official Claude Code Permissions documentation (section 6 of docs-research.md)
  • Permission modes explained in Settings guide
  • Review the three permission tiers in detail
  • Understand permission rule precedence (deny > ask > allow)

Notes for Daniel: This video builds confidence in the tool. Viewers need to feel that Claude Code respects their autonomy. Show the approval dialogs clearly and explain them plainly. Avoid technical jargon when possible. Emphasize control and transparency.