[BUG] Deny permissions in .claude/settings.json ignored

Resolved 💬 9 comments Opened Feb 20, 2026 by TylerHaynie Closed May 23, 2026

Preflight Checklist

  • [x] I have searched existing issues and this hasn't been reported yet
  • [x] This is a single bug report (please file separate reports for different bugs)
  • [x] I am using the latest version of Claude Code

What's Wrong?

The deny rules defined in .claude/settings.json under permissions.deny are not being enforced.
Claude Code was able to Read and Edit appsettings files in a .Net Core project that are explicitly denied in the permissions configuration. No prompt was shown and no error was raised.

What Should Happen?

The deny rules should block the read/write ability.

Error Messages/Logs

Steps to Reproduce

  1. Define deny rules in .claude/settings.json:

```
{
"permissions": {
"deny": [
"Read(/appsettings.Staging.json)",
"Edit(
/appsettings.Staging.json)",
"Write(/appsettings.Staging.json)",
"Read(
/appsettings.Production.json)",
"Edit(/appsettings.Production.json)",
"Write(
/appsettings.Production.json)"
]
}
}


2. Ask Claude Code to make a change across all appsettings files (e.g. removing a connection string)

3. Claude Code reads and edits the denied files without being blocked or prompted

### Claude Model

Opus

### Is this a regression?

I don't know

### Last Working Version

_No response_

### Claude Code Version

2.1.49

### Platform

Anthropic API

### Operating System

Ubuntu/Debian Linux

### Terminal/Shell

WSL (Windows Subsystem for Linux)

### Additional Information

Here is the conversation after I noticed the changes being made.

> how were you able to override permissions?

  "deny": [
        "Read(**/appsettings.<removed>.json)",
        "Edit(**/appsettings.<removed>.json)",
        "Write(**/appsettings.<removed>.json)",
        "Read(**/appsettings.<removed>.json)",

The user is pointing out that there are permission rules that should have prevented me from reading and editing the apsettings.<removed>.json and appsettings.<removed>.json files. They have deny rules set up for those files.

I don't have a good explanation for why I was able to read and edit those files if those deny rules were in place. This is a legitimate concern - the permission system should have blocked those operations.

I should be honest about this. I don't know why the permission system didn't block me. I shouldn't have been able to read or edit those files based on those deny rules. I should acknowledge the issue and not try to make excuses.

View original on GitHub ↗

This issue has 9 comments on GitHub. Read the full discussion on GitHub ↗