The Vantage View | Salesforce

Claude Code Admin Settings Guide 2026: Permissions, Auto Mode, and Bypass Controls | Vantage Point

Written by David Cockrum | May 27, 2026 1:23:40 PM
Quick Answer

Claude Code admin settings are changing so Claude Code Desktop reads the same managed admin policy as the CLI and IDE from server-managed settings, MDM policy, or managed-settings.json, using the same precedence rules. The most urgent change is that the Claude Code Desktop admin toggles for Allow bypass permissions mode and Allow auto permissions mode are being retired. Unless your organization has already explicitly disabled those modes, they are available by default; admins who want them disabled need to add the matching managed policy by June 5, 2026.

This matters for IT, security, engineering, RevOps, and business leaders because Claude Code can read code, edit files, run commands, call tools, connect to MCP servers, and operate across local development environments. Vantage Point helps organizations turn AI adoption into practical governance: clear settings, defined workflows, secure data access, and change management that supports productivity without creating unmanaged risk.

TL;DR

  • What changed: Claude Code Desktop is aligning with the same managed settings model used by the CLI and IDE, including server-managed settings, MDM policies, and managed-settings.json.
  • Key deadline: If your organization wants to disable auto mode or bypass permissions mode, add the managed policy by June 5, 2026.
  • Why it matters: These settings affect how much autonomy Claude Code has to edit files, run commands, and proceed without prompts.
  • Best next step: Review current Claude Code usage, define acceptable permission modes, deploy managed settings, and verify enforcement with /status and /permissions.
  • Vantage Point angle: AI coding tools should be governed like CRM, data, and integration systems: policy first, workflow second, adoption third.

What changed in Claude Code admin settings?

Anthropic notified Claude Code administrators that the Claude Code admin settings page has been reorganized and that Claude Code Desktop will now read the same admin policy as the CLI and IDE. That policy can come from managed settings, MDM controls such as macOS plist or Windows registry, or managed-settings.json, with the same precedence model.

The practical change is simple: Claude Code administration is becoming more unified across surfaces. Instead of treating Desktop settings as a separate admin control point, organizations should think in terms of one managed policy model for Claude Code.

The urgent item is the retirement of two Desktop admin settings toggles:

  • Allow bypass permissions mode
  • Allow auto permissions mode

Anthropic’s notice says these modes are available by default unless your organization has already explicitly disabled them. To disable them going forward, admins need to add the matching policy to their organization’s Claude Code settings by June 5, 2026.

Source: Anthropic Claude Code settings documentation and the Anthropic admin email notification provided to Vantage Point.

Why do Claude Code admin settings matter for business leaders?

Claude Code admin settings matter because AI coding tools are no longer small productivity add-ons. They are becoming operational systems that can touch repositories, local files, development commands, package managers, terminals, APIs, MCP servers, plugins, hooks, and shared team workflows.

That is powerful. It also means governance cannot be limited to “who has a license?” Leaders need to answer deeper questions:

  • Which users should have Claude Code access?
  • Which permission modes are appropriate for each use case?
  • Which commands, files, domains, and tools should be allowed or denied?
  • Which MCP servers and plugin sources can be trusted?
  • How will usage, adoption, and risk be monitored?
  • How will teams avoid turning one developer’s local preference into an organization-wide exposure?

This is the same operating-model challenge Vantage Point often sees with Salesforce, HubSpot, AI, and integration programs. The tool is not the strategy. The strategy is the combination of workflow design, data governance, security controls, adoption planning, and ongoing support.

For organizations building AI into customer operations, Vantage Point connects this work to AI-driven personalization and analytics, compliance and security solutions, and advisory and change management.

What are Claude Code managed settings?

Claude Code managed settings are organization-controlled configuration policies that take precedence over user, project, and local settings. They let administrators define what Claude Code can and cannot do across users and machines.

Anthropic documents several configuration scopes:

Scope Typical location Who controls it Business use
Managed Claude admin console, MDM, registry, or system-level managed-settings.json IT, security, platform administrators Organization-wide policy enforcement
User ~/.claude/settings.json Individual user Personal preferences and global defaults
Project .claude/settings.json Team or repository maintainers Shared project settings committed to source control
Local .claude/settings.local.json Individual user Machine-specific or experimental project settings

The most important principle is precedence. Managed settings sit at the top. They cannot be overridden by user preferences, project settings, or command-line arguments.

That is why the June 5 change matters. If an organization wants to prevent auto mode or bypass permissions mode, the safest approach is to enforce that choice through managed settings rather than relying on user behavior or one-off Desktop toggles.

What are auto mode and bypass permissions mode?

Auto mode and bypass permissions mode are Claude Code permission modes that reduce or remove approval prompts. They are useful in the right context, but they should not be enabled casually across sensitive environments.

Mode What it does Best use Governance concern
Default Prompts before tool actions that need approval Sensitive work, early adoption, general use Lower productivity for repetitive tasks
Accept edits Allows file edits and common filesystem commands in working directories Iterating on code with human review Still requires clear protected path and repo hygiene
Plan Lets Claude research and propose before editing Architecture review, codebase exploration, risky changes Teams must actually review the plan before execution
Auto Runs with background safety checks instead of frequent prompts Longer trusted tasks where direction is clear Still a research-preview-style autonomy model and not a substitute for governance
DontAsk Only pre-approved tools run; other prompts are denied CI, scripts, locked-down automation Requires well-designed allow rules
Bypass permissions Skips permission prompts and safety checks Isolated containers or VMs only High risk on normal workstations or production-connected environments

The big distinction: auto mode still applies safety checks, while bypass permissions mode skips permission prompts and safety checks. Bypass permissions mode should generally be limited to isolated environments, such as containers or virtual machines where Claude Code cannot damage host systems or access sensitive resources.

What should admins do before June 5, 2026?

Admins should decide whether auto mode and bypass permissions mode are appropriate for the organization, then encode that decision in managed settings before the June 5 deadline.

A practical action plan looks like this:

  1. Inventory who uses Claude Code. Confirm which teams, seats, machines, and workflows currently rely on Claude Code Desktop, CLI, IDE extensions, or Claude Code on the web.
  2. Classify workflows by risk. Separate low-risk local refactoring from sensitive work involving credentials, production systems, customer data, infrastructure, or regulated workflows.
  3. Decide which permission modes are allowed. Most organizations should start with default, plan, and acceptEdits. Auto mode may be appropriate for mature teams with strong policy boundaries. Bypass permissions should usually be blocked outside isolated environments.
  4. Deploy managed settings. Use server-managed settings, MDM/OS-level policies, or file-based managed-settings.json depending on your device environment.
  5. Restrict sensitive access. Add deny rules for secrets, environment files, credentials, protected directories, risky commands, and untrusted network destinations.
  6. Review MCP and plugin governance. Define which MCP servers and plugin marketplaces are approved before teams begin extending Claude Code broadly.
  7. Verify enforcement. Ask users to run /status and /permissions in Claude Code to confirm the active settings source and permission rules.
  8. Document the policy. Tell users which modes are allowed, why certain capabilities are blocked, and how to request exceptions.

What policy settings should teams review?

The specific JSON should always be validated against Anthropic’s current documentation and tested in a pilot group. As a starting point, teams should review these controls.

Control area Why it matters Example setting or concept
Disable bypass permissions Prevents users from skipping permission prompts and safety checks permissions.disableBypassPermissionsMode
Disable auto mode Prevents promptless auto mode when the organization is not ready for it permissions.disableAutoMode
Managed-only permissions Prevents users or projects from defining their own allow, ask, or deny rules allowManagedPermissionRulesOnly
Deny sensitive reads Blocks access to .env, secrets, credentials, and sensitive files permissions.deny rules
Restrict Bash/network paths Reduces risk from shell commands, curl, wget, and external calls Permission rules plus sandbox settings
Control MCP servers Prevents unmanaged tools and integrations from entering the environment allowedMcpServers, deniedMcpServers, allowManagedMcpServersOnly
Restrict plugin marketplaces Limits extensions to approved sources strictKnownMarketplaces, blockedMarketplaces
Sandboxing Adds OS-level filesystem and network boundaries around Bash commands sandbox.enabled, network/domain controls
Version floor Ensures users run a minimum Claude Code version with required controls minimumVersion

A conservative managed settings pattern may look like this conceptually:

 {
  "permissions": {
    "deny": [
      "Read(./.env)",
      "Read(./.env.*)",
      "Read(./secrets/**)",
      "Bash(curl *)",
      "Bash(wget *)"
    ],
    "disableBypassPermissionsMode": "disable",
    "disableAutoMode": "disable"
  },
  "allowManagedPermissionRulesOnly": true
}

Important note: Organizations should test this in a non-production pilot before broad deployment. The exact policy should reflect how your teams build, test, deploy, and use approved internal tools.

How do Claude Code setting sources work?

Anthropic documents several ways to deliver managed settings. Each option fits a different operating model.

Delivery method Best for Notes
Server-managed settings Teams and Enterprise customers that want centralized web-based policy Delivered through Claude.ai admin settings; requires supported Claude plan and network access
MDM / OS-level policy Managed macOS and Windows fleets Stronger endpoint enforcement because policy is deployed by IT/device management
File-based managed settings Linux, WSL, servers, developer images, or managed workstations Uses system directories such as /etc/claude-code/ or platform equivalents
Windows registry policy Windows enterprise deployments HKLM is stronger than HKCU because it requires admin privileges

The main architecture decision is whether your organization manages devices centrally. If yes, endpoint-managed settings through MDM or registry controls may provide stronger assurance. If not, server-managed settings are often faster to deploy and easier to administer.

For mixed environments, teams may need both: server-managed settings for Claude.ai users and endpoint-managed policies for machines, providers, or environments that cannot rely on server-managed delivery alone.

How should teams govern Claude Code permissions?

Teams should govern Claude Code permissions using defense in depth: permission rules, sandboxing, managed settings, user training, and monitoring.

Permission rules control what Claude Code can attempt. Sandboxing controls what subprocesses can actually reach at the operating-system level. That distinction matters. A deny rule for WebFetch can block Claude’s web fetch tool, but if Bash is broadly allowed, a command like curl may still reach external endpoints unless Bash/network behavior is also restricted.

A practical governance model includes:

  • Deny known-sensitive files. Block .env, credential files, secrets folders, private keys, exports, and customer data extracts.
  • Avoid broad command allowlists. Prefer specific rules such as Bash(npm test) instead of broad rules such as Bash(npm *).
  • Treat shell access as high impact. Shell commands can invoke other tools, read files indirectly, make network calls, or modify repositories.
  • Use plan mode for higher-risk work. Require analysis and human approval before changes that touch architecture, authentication, data flows, or deployment.
  • Use isolated environments for autonomous work. If teams need high-autonomy coding sessions, run them in containers, VMs, or controlled development sandboxes.
  • Monitor adoption and exceptions. Track where teams request looser permissions and whether those requests point to valid workflow needs or policy gaps.

This is where AI governance overlaps with broader operating design. Vantage Point often helps teams connect AI controls to managed services and ongoing support, workflow automation and process optimization, and system integration and data migration planning.

What can go wrong if teams ignore this update?

If teams ignore the update, they may unintentionally leave higher-autonomy Claude Code modes available across Desktop environments. That does not automatically mean something bad will happen, but it does mean the organization’s actual AI operating model may be looser than its intended policy.

Common risks include:

Risk What it looks like How to reduce it
Unapproved autonomy Users enable auto or bypass behavior without a defined policy Disable modes through managed settings or explicitly document approved use cases
Secret exposure Claude Code reads or processes .env, tokens, credentials, or sensitive exports Add deny rules and sandbox boundaries for sensitive paths
Unsafe shell commands Broad command rules allow scripts, network calls, or destructive operations Use narrow allow rules, deny risky commands, and test policy behavior
Unmanaged integrations Users add MCP servers or plugins from unreviewed sources Use MCP allowlists and marketplace restrictions
Inconsistent rollout CLI, IDE, and Desktop behave differently because policies are not unified Standardize managed settings across surfaces
Adoption backlash Controls are imposed without explaining the workflow impact Pair policy changes with enablement, examples, and exception paths

The goal is not to block Claude Code. The goal is to make Claude Code safe enough to scale.

How should CRM, RevOps, and data teams think about Claude Code?

CRM, RevOps, and data teams should think about Claude Code as part of the broader AI operations stack, not just as an engineering utility. Many business teams increasingly rely on technical workflows: API scripts, migration utilities, data cleanup jobs, reporting automation, integration mappings, and configuration-as-code patterns.

That creates practical questions:

  • Should Claude Code access CRM export files?
  • Can it inspect integration scripts that contain API endpoints or field mappings?
  • Can it modify HubSpot or Salesforce migration utilities?
  • Can it run commands that call vendor APIs?
  • Can it generate or update scripts used by business operations teams?
  • Who approves changes when AI-assisted code touches customer data workflows?

These questions sit squarely at the intersection of CRM strategy, AI governance, and implementation operations. For teams using Salesforce, HubSpot, middleware, or custom data pipelines, the safest approach is to align Claude Code policies with the same data governance standards used across CRM and integration programs.

Vantage Point helps organizations evaluate, implement, and optimize Salesforce and HubSpot based on their operating model, data needs, adoption goals, and growth strategy. That same lens applies to AI coding tools: define the work, define the data, define the controls, then scale adoption.

What should your Claude Code governance checklist include?

Use this checklist before June 5 and as part of your ongoing AI operations review.

Checklist item Owner Status
Confirm whether Claude Code Desktop, CLI, and IDE are in use IT / Engineering Not started / In progress / Done
Decide whether auto mode is allowed Security / Engineering leadership Not started / In progress / Done
Decide whether bypass permissions mode is allowed Security / Engineering leadership Not started / In progress / Done
Deploy managed settings before June 5 IT / Platform team Not started / In progress / Done
Add deny rules for .env, secrets, credentials, and sensitive exports Security / Platform team Not started / In progress / Done
Define approved Bash commands and risky command deny rules Engineering / DevOps Not started / In progress / Done
Review MCP server and plugin marketplace policy Platform / Security Not started / In progress / Done
Verify settings using /status and /permissions Pilot users Not started / In progress / Done
Document user guidance and exception process Change management / IT Not started / In progress / Done
Review policy quarterly as Claude Code features evolve Governance team Not started / In progress / Done

How Vantage Point helps

Vantage Point helps organizations adopt AI tools without losing control of data, workflows, or platform governance. For Claude Code and similar AI development tools, that means helping teams move from “people are using this” to “we know how this should be used safely.”

A practical engagement may include:

  • Reviewing current Claude Code usage and AI tool adoption patterns.
  • Mapping AI coding workflows to CRM, integration, data, and compliance risk areas.
  • Defining permission modes, managed settings, and sensitive data boundaries.
  • Designing an adoption and enablement plan for developers, admins, RevOps, and business technologists.
  • Connecting AI tool governance to Salesforce, HubSpot, integration, and data migration programs.

If your team is evaluating how Claude Code, Anthropic, Salesforce, HubSpot, integrations, or CRM governance fit together, Vantage Point can help assess the right next step and build a practical implementation plan.

FAQ

What is changing with Claude Code admin settings?

Claude Code admin settings are being unified so Desktop reads the same managed admin policy as the CLI and IDE. Admins should manage Claude Code through server-managed settings, MDM policy, OS-level policy, or managed-settings.json rather than relying on retired Desktop-specific toggles.

What is the June 5, 2026 Claude Code admin deadline?

June 5, 2026 is the date Anthropic identified for admins who want to explicitly disable auto mode or bypass permissions mode through organization Claude Code settings. If those modes are not already disabled, they are available by default according to Anthropic’s notice.

Should businesses disable Claude Code auto mode?

Businesses should disable Claude Code auto mode until they have a clear policy for when promptless execution is acceptable. Mature teams may later enable it for defined workflows with trusted infrastructure, narrow permissions, and monitoring.

Should businesses disable bypass permissions mode?

Most businesses should disable bypass permissions mode on normal workstations because it skips permission prompts and safety checks. If it is used at all, it should be limited to isolated containers, VMs, or controlled development environments that cannot access sensitive systems.

What are managed settings in Claude Code?

Managed settings are organization-controlled policies that override user, project, and local Claude Code settings. They are used to enforce security requirements such as permission rules, sandboxing, MCP restrictions, plugin marketplace controls, and mode restrictions.

How can admins verify Claude Code settings are active?

Admins can ask users to run /status in Claude Code to see which settings sources are active. Users can also run /permissions to review effective permission rules and confirm that managed rules are being applied.

How does this relate to AI governance?

This is a practical AI governance issue because Claude Code can act inside development and business operations environments. Organizations need policies for data access, file access, tool execution, integrations, review workflows, and exception handling before scaling autonomous AI work.

Can Vantage Point help with Claude Code and AI governance planning?

Yes. Vantage Point helps organizations connect AI governance to real operating workflows across Salesforce, HubSpot, integrations, data migration, and managed services. The goal is to make AI useful, secure, and supportable—not just available.

Sources
View full post