Spotfire External Actions

External actions in Spotfire are predefined configurations that allow end users to trigger actions to be executed on, or send data to, external systems made available using TIBCO Cloud™ Integration (TCI). Because the actions can affect external systems, and act on behalf of the user who runs an action, provisions are in place to help users make trust decisions.

The trust for actions is based on code signing by the configurator of the action.

When actions are configured within a Spotfire analysis, they are automatically signed by the user account that adds the action to the analysis, and others can use that signature to determine whether this signer is trusted. The actions in the external systems themselves are created using TCI, and the Spotfire configurator basically maps the parameters in TCI to some input provided from within the analysis. The person configurating the action must know how the endpoints in TCI work, and should add a proper description to help the end users understand what the action will do. Inputs can be either prompts for values to be entered by the end users, or based on some data selection in the analysis. Based on the information added, and the signature of the configurator, the end user can provide consent to run the action.

See Trusting custom content in the Spotfire environment in the Server and Environment - Installation and Administration manual for details about trust.


Component	Description
Licenses	The following license features for working with external actions are available: To run an external action in Spotfire, you need the Use External Actions license feature, located under Spotfire Consumer. To add and configure an external action, you need the Configure External Actions license feature, located under Spotfire Analyst. To be allowed to trust external actions configured by others, you need the Trust External Actions license feature, located under Spotfire Extensions.
Execution context	If a signer is trusted for a group by an administrator, actions configured by that signer can be triggered by users in that group (with permission to run actions), and all actions by that signer will be executed without asking the user to trust the action. If an untrusted external action is triggered by a user who is allowed to trust external actions, the user will be asked whether to trust the action. It is then possible to choose to trust either that particular action or to trust the signer. Once trusted, the action will run for this particular user. Users who lack the permission to trust external actions will not be able to use any untrusted external actions at all. An end user always has the opportunity to view the consent dialog (Run external action) and get a preview of the data or information sent to the external system.

If you suspect that a signature or a specific action has been misused, there are several measures that can be taken depending on the situation:


Option	Description
Remove previous trust decisions	Any trust decision, taken by either the administrator or by an end user, can be withdrawn. If an administrator has configured a signer to be trusted for a specific group, this trust can be removed by clicking Revoke trust on the Trusted signers page for the group in the administration pages on the server. See Removing trusted signers from a group. Administrators can also remove trust using the `remove-code-trust` command. End users can also remove trust for any external actions or signers that they previously trusted on their My account page, which can be reached via the Manage trust dialog in the client.
Invalidate signature (revoke certificate from server)	If there are suspicions that a user on the Spotfire Server has signed unsafe external actions, it is possible to revoke the user's certificate, which renders signatures invalid. This prevents other users from making a trust decision based on false premises. When a certificate has been revoked, any actions that have been signed (after a specified time) will be considered invalid. An end user who tries to run an action with an invalid signature will be informed that the signature has been invalidated. By default, actions with invalid signatures cannot be trusted in on-premises systems. An administrator can revoke the certificate for a user through the `revoke-code-signing-certificate` command, whereas an end user can revoke their own signatures on their My account page, reached from the Manage trust dialog.
Block certificate, user or item	If there are suspicions that a specific external action is being used for malicious purposes, it should be blocked from the system. An administrator can block either a Spotfire user, or a specific external action through the `block-code-trust` command. Note: If you select to block a specific action, then it might still be possible to trust and use an updated version of that action. Note that any modification will be seen as an update from a trust perspective. See Blocking certificates, users or custom items for more information.