Feature Request: Persistent Global Permissions
tl;dr Please add the "allow" and "deny" settings to the User-level settings in ~/.claude/settings.json.
Problem
The current permission system creates a "boy who cried wolf" scenario that paradoxically reduces security. Users working across multiple projects/sessions get prompted repeatedly for the same basic tools (Read, Edit, Bash, etc.), leading to permission fatigue. This forces users to choose between constant interruptions (default mode) or no security at all (bypassPermissions mode). The result is that many users enable bypassPermissions entirely, defeating the purpose of having a permission system.
Additionally, Allow/Deny settings work in project-level settings but are ignored in user-level settings, meaning users cannot set global preferences for trusted tools.
Proposed Solution
Add a persistent global permissions mode that:
- Prompts for permission the first time a tool is used (ever)
- Remembers the choice globally across all future sessions and projects
- Allows granular control (approve safe tools globally, still prompt for dangerous ones)
- Provides management commands to view/revoke permissions
Example flow:
Session 1: Claude uses `Read` → User prompted → Approves → Saved globally
Session 2: Claude uses `Read` → No prompt (previously approved)
Session 3: Claude uses `WebFetch` → User prompted → Denies → Saved globally
Session 4: Claude uses `WebFetch` → Automatically denied (no prompt)
Implementation Options
Option 1 - New mode:
{
"defaultMode": "persistentPermissions",
"globallyApprovedTools": ["Read", "Edit", "Bash"],
"globallyDeniedTools": ["WebFetch"]
}
Option 2 - Extend existing:
{
"defaultMode": "default",
"persistentPermissions": true,
"Allow": ["Read", "Edit", "Bash"],
"Deny": ["WebFetch"]
}
Benefits
- Better security: Users less likely to bypass permissions entirely
- Improved UX: No repetitive prompting for already-approved tools
- Consistency: Same permissions across all projects and sessions
- Granular control: Approve safe tools globally while still prompting for risky ones%
This issue has 3 comments on GitHub. Read the full discussion on GitHub ↗