Thanks for the reply, however, I am looking for some official comments from Pega.
There is also something interesting... Your link to 7.1.9 stated:
"Enable the common language run time (CLR) on the database to enable User-Defined Functions"
But in 7.2.2, it is stated:
"If you plan to use user-defined functions (UDF), the common language run time (CLR) is enabled on the database."
Anyway, restricting functionality of any software through permission granting is never a good practice in any software implementation, which would subject the project to greater unknown risk.
I am now looking more at the basis of this CLR concern, which is basically security. In this aspect, I am now exploring if Pega UDFs can be run with the SAFE permission sets, which I believe it could, again, I need Pega Support to confirm:
To provide a little more clarity around the use of UDFs, they should only be necessary if you're reporting on unexposed columns. Starting at some point in Pega 7.x (I'm not sure exactly when), nothing out of the box should require you to use the UDFs, so they aren't required.
My guess is that since it is related to RD with unexposed columns, technically speaking if there are any DPage that sourced from RD or any activity that invokes RD, the same issue could also happen, not necessarily related to reports itself, right?
Although I am on 7.2.2, which is likely under your mentioned list, I have heard of issues in the fields related to UDF being disabled. I am sure GCS would render all the necessary support if issues are found, however, given that my project is on a challenging timeline with no room for patching or trial-and-error, I would still err on the safer side and propose enabling CLR with the SAFE permission set for now: