Question 4
Domain 1Which is the *correct* precedence order (highest → lowest) for Claude Code permission settings?
Correct answer: A
Explanation
Claude Code permission settings follow a highest-to-lowest precedence of Enterprise, then CLI flags, then project-local, project-shared, and user settings. This order means higher-scope controls override lower-scope ones, so an Enterprise policy takes priority over all other configuration sources.
Why each option is right or wrong
A. Enterprise > CLI flags > project-local > project-shared > user.
Claude Code permission controls are resolved by scope, with the enterprise policy layer overriding every lower configuration source, followed by any runtime CLI flags, then repository-scoped settings. Within the project scope, the local file takes precedence over the shared project file, and both outrank the per-user configuration, so the correct descending order is Enterprise → CLI flags → project-local → project-shared → user.
B. User > project-shared > project-local > CLI flags > Enterprise.
Puts user settings above enterprise policy, which contradicts centralized governance and enforcement.
C. Project-shared > project-local > user > CLI flags > Enterprise.
Treats shared project settings as strongest and demotes enterprise and CLI overrides too far.
D. Project-shared > Enterprise > project-local > user > CLI flags.
Places project-shared above enterprise and CLI last, ignoring stronger central and invocation-level controls.