Skip to content
Tauri
Guides References Blog Releases

Permission

Descriptions of explicit privileges of commands.

It can enable commands to be accessible in the frontend of the application.

If the scope is defined it can be used to fine grain control the access of individual or multiple commands.

Object Properties:

  • commands
  • description
  • identifier (required)
  • platforms
  • scope
  • version

commands

Section titled “commands”

Commands

Allowed or denied commands when using this permission.

Default
{
  "allow": [],
  "deny": []
}

description

Section titled “description”

string | null

Human-readable description of what the permission does. Tauri internal convention is to use <h4> headings in markdown content for Tauri documentation generation purposes.

identifier

Section titled “identifier”

string

A unique identifier for the permission.

platforms

Section titled “platforms”

Target[] | null

Target platforms this permission applies. By default all platforms are affected by this permission.

scope

Section titled “scope”

Scopes

Allowed or denied scoped when using this permission.

version

Section titled “version”

integer | null minimum of 1, formatted as uint64

The version of the permission.

Definitions

Section titled “Definitions”

Commands

Section titled “Commands”

Allowed and denied commands inside a permission.

If two commands clash inside of allow and deny, it should be denied by default.

Object Properties:

  • allow
  • deny
allow
Section titled “allow”

string[]

Allowed command.

Default: []

deny
Section titled “deny”

string[]

Denied command, which takes priority.

Default: []

Number

Section titled “Number”

Any of the following:

  • integer formatted as int64 Represents an [i64].
  • number formatted as double Represents a [f64].

A valid ACL number.

Scopes

Section titled “Scopes”

An argument for fine grained behavior control of Tauri commands.

It can be of any serde serializable type and is used to allow or prevent certain actions inside a Tauri command. The configured scope is passed to the command and will be enforced by the command implementation.

Example
Section titled “Example”
{
  "allow": [{ "path": "$HOME/**" }],
  "deny": [{ "path": "$HOME/secret.txt" }]
}

Object Properties:

  • allow
  • deny
allow
Section titled “allow”

Value[] | null

Data that defines what is allowed by the scope.

deny
Section titled “deny”

Value[] | null

Data that defines what is denied by the scope. This should be prioritized by validation logic.

Target

Section titled “Target”

One of the following:

  • "macOS" MacOS.
  • "windows" Windows.
  • "linux" Linux.
  • "android" Android.
  • "iOS" iOS.

Platform target.

Value

Section titled “Value”

Any of the following:

  • null Represents a null JSON value.
  • boolean Represents a [bool].
  • Number Represents a valid ACL [Number].
  • string Represents a [String].
  • Value[] Represents a list of other [Value]s.
  • Represents a map of [String] keys to [Value]s. Allows additional properties: Value

All supported ACL values.

© 2025 Tauri Contributors. CC-BY / MIT