Script and Data Function Trust


Spotfire analyses can be enhanced by writing code using different programming languages (for example, JavaScript, IronPython or R). Scripts or data functions might be used for many different things. For example, a script might trigger actions or create a new visualization, or, a data function might perform statistical calculations or add data. By using scripts and data functions you can create very powerful analytic applications.

When allowing a script to run within an analysis, it is important to consider security. A script or data function written by a malevolent person could potentially perform unexpected or undesired actions. Therefore, Spotfire uses a trust mechanism, where users called Script Authors, verified by licenses and group belonging, are the only ones that can make a script trusted for anyone in the organization.

Script Authors

As a script author, you have the responsibility to provide other users in your company with secure and working scripts. When you have developed a data function or an analysis including a script you must make sure the script or data function is trusted before you save it to the library, to ensure that it can be used by others. You can review all scripts and data functions in an analysis and trust them one by one, or approve all your scripts in an analysis by selecting File > Manage trust and scripts and clicking Trust All.

Spotfire Analyst Authors

If you are an analysis author, there may be occasions when you want to run a script or data function that has not been approved and trusted by a script author. For example, you might receive a local file from a colleague for testing purposes.

If you open an analysis with untrusted scripts, you have the option to review and trust the scripts or data functions yourself, using the Manage trust and scripts dialog.

If you are not the primary author of the script and you are not qualified to understand whether the script is safe, you should only trust it if you are certain that it comes from a reliable source.

Note: In some situations, you might need to reload data after a script or data function has been trusted to get the correct data.

Business Author or Consumer Users

In the web clients, it is not possible to assign trust to a script. If you encounter an analysis with untrusted scripts you must either open the analysis in Spotfire Analyst and trust the scripts before saving the file, or contact a script author to do it for you.

Data Functions written in R

TIBCO has its own implementation of the R language, TIBCO Enterprise Runtime for R (TERR), which is included in Spotfire applications. TERR comes with a restricted mode which is built to provide a secure environment when working with data functions. If the data function is trusted, then it can be executed without any restrictions. If a TERR-based data function is not trusted, Spotfire will make an attempt to run the data function in the restricted mode. If the script uses statements that are not available in the restricted mode, then the data function will be prevented from running until it has been trusted.

Note: For inline TERR scripts (that is, when using TERR directly in custom expressions, only the restricted execution mode is available).

See also:

What are Data Functions?

IronPython Example Scripts

JavaScript Example Scripts