Skip to main content

Permission management

There are times where depending on the state of permissions granted to a process, we want to do different things. This is made very easy to do with the Deno permissions API.

Edit on Github
In the most simple case, we can just request a permission by it's name. In this case, we ask for --allow-env and prompt the user. The user will not be prompted if it was already allowed in the past and not revoked.
let status = await Deno.permissions.request({ name: "env" });
if (status.state === "granted") {
  console.log("'env' permission is granted.");
} else {
  console.log("'env' permission is denied.");
}
There are also synchronous versions of all the permission APIs
status = Deno.permissions.requestSync({ name: "env" });
if (status.state === "granted") {
  console.log("'env' permission is granted.");
} else {
  console.log("'env' permission is denied.");
}
We can also query permissions without asking for them. In this case, we are querying whether or not we have the read permission. Not only can we query whether we have a permission or not, we can even specify what directories we have permissions in using the path option.
const readStatus = await Deno.permissions.query({
  name: "read",
  path: "/etc",
});
console.log(readStatus.state);
In the case that we no longer need a permission, it is also possible to revoke a process's access to that permission. This is useful when a process starts running untrusted code.
import { assert } from "jsr:@std/assert";

const runStatus = await Deno.permissions.revoke({ name: "run" });
assert(runStatus.state !== "granted");

Run this example locally using the Deno CLI:

deno run https://docs.deno.com/examples/permissions.ts

Additional resources