By design, the TERR Service always executes data functions in restricted mode if the data function is not trusted, regardless of the value set in the terr.restricted.execution.mode flag.

TERR Restricted Execution Mode (also known as T-REX mode) provides a secure environment by allowing only a limited subset of low-risk functions to execute. The execution behavior is determined by trust:

• Trusted Data Functions: These can be executed without any restrictions, bypassing T-REX limitations.

• Untrusted Data Functions: Spotfire will attempt to run these in restricted mode. If the script contains statements or calls (such as Native[file]) that are not permitted in restricted mode, the data function will be prevented from running and will error out until it is formally trusted.

• Safe Scripts: Data function scripts that stay within the scope of the restricted mode will continue to run without issues, even if untrusted.

Doc: Manage trust

• https://docs.tibco.com/pub/sfire-analyst/14.7.0/doc/html/en-US/TIB_sfire_client/client/topics/en-US/manage_trust.html 

Doc:System groups

• https://docs.tibco.com/pub/spotfire_server/latest/doc/html/TIB_sfire_server_tsas_admin_help/server/topics/system_groups.html 

Doc:Safeguarding your environment

• https://docs.tibco.com/pub/terrsrv/latest/doc/html/TIB_terrsrv_install/_shared/install/topics/safeguarding_your_environment.html 

To ensure all data function scripts run correctly on the TERR Service, follow these requirements:

• Saving/Publishing: The user saving the data function or the analysis file to the library must be a member of the Script Author group.

• If a data function script uses statements not available in restricted mode, the user executing the data function from the Analyst client on the TERR Service must also be a member of the Script Author group.

• Membership of the Script Author group grants permission to save scripts and data functions as trusted in the Spotfire library.

This article explains why data functions may encounter the error "Error: restricted call to Native[file]" when running on the Spotfire service for TERR (TERR Service), even if the terr.restricted.execution.mode flag is set to false.