Document deny/allow rule precedence in settings.json permissions
Resolved 💬 3 comments Opened Feb 27, 2026 by ChrisBackOffice Closed Apr 9, 2026
Summary
When a file path matches both a deny and an allow pattern in settings.json permissions, the behavior is undocumented. Which takes precedence?
Use Case
FluxEngine uses a multi-tenant isolation model where each client instance has a settings.json with:
{
"permissions": {
"deny": [
"Read(C:\Users\cmoor\OneDrive*\2 - BUSINESS\**)"
],
"allow": [
"Read(C:\Users\cmoor\OneDrive - turnkeytel.com\2 - BUSINESS\2.5 - MSI Mechanical Services Ltd\**)"
]
}
}
The deny rule blocks the entire business directory. The allow rule permits one specific client subdirectory. This pattern works as a "deny all, allow specific" approach — but only if deny is evaluated first and allow acts as an override (or vice versa with clear documentation).
What's Unclear
- Evaluation order: Is it deny-first-then-allow, allow-first-then-deny, or most-specific-wins?
- Wildcard specificity: Does
OneDrive*in deny match differently than the literalOneDrive - turnkeytel.comin allow? - Edge case: What if the path matches deny but not allow (e.g.,
C:\...\2 - BUSINESS\without the specific client suffix)?
Request
Please document the deny/allow precedence behavior in the Claude Code permissions documentation, specifically:
- Which takes precedence when both match
- Whether specificity matters (more specific path wins)
- Recommended patterns for "deny all, allow specific" use cases
Environment
- Claude Code CLI
- Windows 11
- settings.json in
.claude/settings.jsonper project
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗