Here's a minimal example that works outside of sandbox but fails in sandbox:

def func = { 1 }; 
this.func2 = { 1 }; 
assert 1 == func(); 
assert 1 == func2.call(); 
assert 1 == func2(); // this line fails 

It appears as if the it.call() -> it() syntactic sugar, which afaik is part of the language spec, is not honored in restricted sandbox under certain circumstances that make it difficult to create dynamic functions; ideally, I'd like to do something resembling:

def files = sh(returnStdout:true,script:'ls vars/*.groovy'}.trim();
for(file in files){this."${file.subscript(5,file.size()-7)}" = load file; }

Unlike method signatures which can be whitelisted, because this is a language feature it does not appear to be possible to enable.