Usage of scripts and data functions

Note: Scripts in action mods use different security mechanisms than IronPython scripts, JavaScripts and data functions. See Developing mods and the Spotfire Mods website on GitHub for more information about mods.

See What are data functions? and Introduction for Data Function Authors in the Spotfire Analyst User Guide for more information about data functions.

If, or under which circumstances, scripts and data functions are allowed to be used depend on whether the user is working in an on-premises or cloud environment, and in which user role or product, Spotfire Consumer (web client user), Spotfire Business Author (web client author), or Spotfire Analyst (installed client author).

Also, users can be of different types depending on their authorities controlled by which groups they belong to, and the licenses specified for those groups. Licenses and groups settings are configured in the installed client under Tools > Administration Manager or using the web administration pages on the Spotfire Server.

The tables below list what is allowed to do for different combinations of user types and Spotfire products.

On-premises and Spotfire Cloud Enterprise users

Single-tenant cloud environments can be configured with licenses in the same way as on-premises solutions with a Spotfire Server. Users running the installed Spotfire client without a server have the same functionality as users running Spotfire Analyst with a server and with script author license, but there is always local execution and no library or script author functionality available.

Untrusted Spotfire® Enterprise Runtime for R (a/k/a TERR™) scripts might execute in T-REX* mode for all user types.

The TIBCO Spotfire Statistics Services server (SSS) is currently the only option to run data functions based on MATLAB or SAS.

Note: The TIBCO Spotfire Statistics Services server is discontinued and will no longer be updated. You can continue to use it but no bug fixes or security patches will be provided, and it will eventually be removed. See the Migration Guide for more information.


Type of user	Available data function engines	Create script	Add script to analysis	Save trusted script in library	Use results in analysis
Analyst without Author Script license	Local: IronPython JavaScript TERR Python Remote: TERR (TERR Service or SSS)^$ Python (Python Service)^$ R (Spotfire Service for R or SSS)^$ On-prem remote only: MATLAB (SSS)^$ SAS (SSS)^$	No	Yes, if the script is saved as trusted to the library by an authorized script author.*	No	Yes
Analyst with Author Script license		Yes	Yes, if the script is trusted by you, or saved as trusted to the library by an authorized** script author.	No	Yes, if a local engine is available or if SSS is used.^$$
Analyst with Author Script license + member of the Script Author group		Yes	Yes, if the script is trusted by you, or saved as trusted to the library by an authorized** script author.	Yes	Yes
Business Author with Execute data functions license	Remote: IronPython JavaScript TERR (TERR Service or SSS)^$ Python (Python Service)^$ R (Spotfire Service for R or SSS)^$ On-prem remote only: MATLAB (SSS)^$ SAS (SSS)^$	No	Yes You can only run scripts that are saved as trusted by an authorized script author.	No	Yes You can only run scripts that are saved as trusted by an authorized script author.
Consumer		No	No	No	Yes You can only run scripts that are saved as trusted by an authorized script author.

^* TERR Restricted Execution Mode (also known as T-REX mode) allows a limited subset of low-risk functions to execute unrestricted.

^** Script authors are authorized, if they are members of the Script Author group.

^*** If you previously had a license, the scripts that you created by that time can still be run.

^$ Server-side execution requires additional products.

^$$ The Spotfire Service for R does not provide a local engine so any R scripts executed with the R service always run on the server. Because of this, users who are not members of the Script Author group cannot run R scripts-even their own-unless the script has been trusted by a script author. However, a Spotfire Server administrator might bypass this security measure. See the Spotfire® Service for R Installation and Administration guide for more information.

TIBCO Cloud Spotfire users

The general multi-tenant Spotfire cloud solution allows self-service script usage for Analyst users only.

On the web, only TERR data functions are available. They always execute in the containerized TERR Service.


Type of user	Available data function engines	Create script	Add script to analysis	Save trusted script in library	Use results in analysis
Analyst	Local: IronPython JavaScript TERR Python	Yes	Yes, if the script is trusted by you. All TERR and Python data function scripts run locally (no server-side execution permitted). Untrusted TERR scripts can execute locally in T-REX mode.^*	No	Yes
Business Author	Remote: TERR Python	No	For security reasons, scripts cannot be used, except for TERR data functions.	No	Yes
Consumer	Remote: TERR Python	No	No	No	Yes

^* TERR Restricted Execution Mode (also known as T-REX mode) allows a limited subset of low-risk functions to execute unrestricted.