How to turn off data function trust feature for Spotfire and TERR Service
Article ID: KB0070541
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | 10.3.0 and higher |
Description
Spotfire data function trust feature is enabled by default to check if a data function to be executed has come from a trusted source.
When data function trust feature is disabled in Spotfire, the behavior would be just like the trust concept does not exist. There will be no dialog popping up asking for trust. This applies to data functions with all types of scripts, including TERR scripts, Open source R scripts, python scripts, inline terr scripts as well.
How to turn off data function trust feature for Spotfire and TERR Service?
When data function trust feature is disabled in Spotfire, the behavior would be just like the trust concept does not exist. There will be no dialog popping up asking for trust. This applies to data functions with all types of scripts, including TERR scripts, Open source R scripts, python scripts, inline terr scripts as well.
How to turn off data function trust feature for Spotfire and TERR Service?
Issue/Introduction
How to turn off data function trust feature for Spotfire and TERR Service
Environment
All supported systems
Resolution
1. For TIBCO Spotfire Analyst/Business Author/Consumer: Set the IgnoreTrustCheckpreference to true
You can turn off this data function trust feature for "Everyone" through Spotfire menu "Tools > Administration Manager > Preferences > DataFunctions > IgnoreTrustCheck" and edit IgnoreTrustCheck to true.
2. For TERR Service (if used): Set the disable.spotfire.trust.checks configuration property on the TERR service to true.
You can disable the data function trust check for TERR service by setting its configuration property " disable.spotfire.trust.checks" to TRUE.
The property " disable.spotfire.trust.checks" for a live TERR service instance is specified in a configuration file named "custom.properties", which is typically located in the Node Manager Server TERR Service subfolder "services > TERR service > conf", for example:
C:\tibco\tsnm\10.3.1\nm\services\TERR service Windows-1.2.0.38-9b96d2c7-116d-4004-ba91-602ad479b50e\conf
To configure the property " disable.spotfire.trust.checks" for the TERR service node, please follow the instructions documented in the Configuring the TERR service section of the TERR Service Installation and Administration manual, that is, exporting the TERR service properties, editing the exported property file to have property " disable.spotfire.trust.checks: TRUE", importing the edited property file (giving a new configuration name), and then applying the new configuration through "Nodes & Services" under the administration console for Spotfire Server. TERR service will restart to read the new configuration.
Note:
In a situation where user is executing data functions with TERR scripts through TERR Service from Web player, user must switch off trust checking by setting the Tools menu preference to TRUE, and also change the disable.spotfire.trust.checks configuration property on the TERR service to TRUE. Setting either of these options without setting the other may cause unexpected results. So it is recommended to turn off both trust checking properties.
Warning:
Setting scripts and data function trust check feature off results in all Spotfire data functions executing unrestricted.
When allowing a script to run within an analysis, it is important to consider security. A script or data function written by a malevolent person could potentially perform unexpected or undesired actions. Therefore, we strongly recommend that you ensure that your service is fully secured, that engine containers are enabled, and that network access from the containers is limited (using a firewall) to only necessary servers and ports.
For more information about script and data function trust, see the product guide documents "TIBCO Spotfire® Analyst User's Guide" and "TIBCO Spotfire® Administration Manager User's Guide" which can be found in the Spotfire Analyst section of the documentation site.
You can turn off this data function trust feature for "Everyone" through Spotfire menu "Tools > Administration Manager > Preferences > DataFunctions > IgnoreTrustCheck" and edit IgnoreTrustCheck to true.
2. For TERR Service (if used): Set the disable.spotfire.trust.checks configuration property on the TERR service to true.
You can disable the data function trust check for TERR service by setting its configuration property " disable.spotfire.trust.checks" to TRUE.
The property " disable.spotfire.trust.checks" for a live TERR service instance is specified in a configuration file named "custom.properties", which is typically located in the Node Manager Server TERR Service subfolder "services > TERR service > conf", for example:
C:\tibco\tsnm\10.3.1\nm\services\TERR service Windows-1.2.0.38-9b96d2c7-116d-4004-ba91-602ad479b50e\conf
To configure the property " disable.spotfire.trust.checks" for the TERR service node, please follow the instructions documented in the Configuring the TERR service section of the TERR Service Installation and Administration manual, that is, exporting the TERR service properties, editing the exported property file to have property " disable.spotfire.trust.checks: TRUE", importing the edited property file (giving a new configuration name), and then applying the new configuration through "Nodes & Services" under the administration console for Spotfire Server. TERR service will restart to read the new configuration.
Note:
In a situation where user is executing data functions with TERR scripts through TERR Service from Web player, user must switch off trust checking by setting the Tools menu preference to TRUE, and also change the disable.spotfire.trust.checks configuration property on the TERR service to TRUE. Setting either of these options without setting the other may cause unexpected results. So it is recommended to turn off both trust checking properties.
Warning:
Setting scripts and data function trust check feature off results in all Spotfire data functions executing unrestricted.
When allowing a script to run within an analysis, it is important to consider security. A script or data function written by a malevolent person could potentially perform unexpected or undesired actions. Therefore, we strongly recommend that you ensure that your service is fully secured, that engine containers are enabled, and that network access from the containers is limited (using a firewall) to only necessary servers and ports.
For more information about script and data function trust, see the product guide documents "TIBCO Spotfire® Analyst User's Guide" and "TIBCO Spotfire® Administration Manager User's Guide" which can be found in the Spotfire Analyst section of the documentation site.
Feedback
Yes
No
Powered by
