Making a browse-only model and hiding definitions

This feature is available in Analytica Enterprise and Optimizer.

When you are ready to let others use the models you have created, you might want to save it as browse-only, so that end users can only change the variables you have designated as inputs (by making input nodes for them). You might also want to hide definitions of variables or functions to protect confidential or proprietary data or algorithms.

With Analytica Enterprise, you can save models that are locked as browse-only and with hidden definitions, using these steps:

  1. Hide selected definitions in your model, for entire model, modules, or by variable.
  2. Save your master model file (and any filed submodules) so that you can still view and modify it yourself.
  3. Select Save a copy from the File menu, and check Lock and encrypt and optionally Save as a browse-only model copy to save an encrypted copy — that is a file scrambled into a non-human-readable form.
  4. Distribute the encrypted copy to your end users.

The third step permanently locks your model so that hidden definitions can never again be viewed in that copy. It is therefore recommended that you save a protected copy of your model, and leave your original model as a master (unprotected) copy. Until the model is stored in an encryped form (step 3), an end user is not prevented from unhiding your definitions, or from viewing them by other means (e.g., by loading the Analytica model file into a text editor).

An encrypted model file cannot be decrypted, even by the original author. If it is locked as browse-only, it can never again be edited. If definitions are hidden, they can never again be viewed or edited. Always place a master copy of your model (and any sub-modules) in a safe place before making an encrypted copy.

Hiding and unhiding definitions

To hide the definition of a single variable or function, select its node and select Hide Definition(s) from the Object menu, so it becomes checked. You cannot hide multiple nodes, except by hiding all nodes in a parent module. To hide the definitions of all objects in a module:

  1. Select the node of the module in its parent diagram, or open the module and select no nodes inside it.
  2. Select Hide Definition(s) from the Object menu, so it becomes checked.

If a variable, function, or module is hidden, when you try to view its definition, it displays:

[Definition is Hidden]
The definition of a variable with an input node is always visible regardless of whether it or its parent module is marked as Hidden.

Unhiding and inheritance of hiding

Definition hiding is inherited down the module hierarchy. If you hide a module, you hide the definitions of all the objects that it contains, including its submodules and all the objects that they contain — unless you explicitly unhide an object or submodule, in which it or the objects it contains are not hidden. To unhide a variable, function, or module:

  1. Select its node in its parent diagram.
  2. Select Unhide Definition(s) from the Object menu, so it becomes checked.

In the module hierarchy shown below, module Mo1 is hidden, and therefore so are the objects it contains, module Mo2, Va1, and Va2. But module Mo3 is unhidden, and therefore so are the objects it contains, Va3 and Mo4. However, object Va4 is itself explicitly hidden.

Browse-only 1.png
The Hide Definition(s) and Unhide Definition(s) menu options are disabled if the current model, or any of its filed submodules, has been encrypted. In this case, encryption has locked hiding in place.

After hiding the definitions you want, you can view your model to check everything is as you want. You can still Unhide items if you want to view or edit them. But, after saving the model in encrypted form, no one, even you, can view hidden definitions or edit any variables that are not inputs, even if they open the model file in a text editor. That’s why it’s important that you save a master copy for your own use.

Saving an encrypted copy of your model

When you are ready to save an encrypted copy of your model, select Save a Copy In from the File menu.

Browse-only 2.png

Enter a filename that is different than the filename of your master copy, to make sure that you retain an editable version for your self.

Check Lock and encrypt the copy at the bottom of the dialog to save the model in an encrypted form that makes any hidden definitions unviewable, even if you try to edit the file.

Check Save as a browse-only model if you also want to prevent users from changing any variables not designated as inputs. In that case, the model is locked in browse-only mode, even if the user runs the model with an Analytica edition that normally allows editing.

Optionally check Save everything in one file by embedding filed modules to produce a single file that can be distributed. If your model is utilizing unlocked filed modules, the content in those may remain exposed unless you use this option (alternatively, you can link to locked copies of those modules in your main model before saving your main model in a locked form). Even if you do not lock your model, this option can provide a convenient way to distribute your model as a single file to end-users, or to bundle it for upload to the Analytica Cloud Player. Publish to cloud on the File menu saves everything in a single file automatically during the upload.

A browse-only model is always encrypt to prevent anyone from editing the source Analytica file. Thus, it automatically checks Lock and encrypt the copy and the Save in XML format option is not available.

If you want end users to be able to use other Enterprise features, such as database access, file reading and writing, Huge Arrays, or performance profiling, they need the Power Player — or their own Enterprise edition. Enterprise and Optimizer-level features are available to users viewing your model through the Analytica Cloud Player (ACP).

When a browse-only model (saved as such from Enterprise) is loaded into Analytica Professional, it runs it in Power Player mode, so that database access, etc., is available.

Filed libraries and submodules

When your model utilizes filed libraries or submodules, you need to be very careful that the module files you distribute to your users are indeed encrypted or locked as you intend, while at the same time ensuring that you do not accidentally encrypt your master copies of these modules. Because locking a model as encrypted or browse only is an irreversible operation, it is extremely important that you don’t accidentally lock your master versions. If your model uses filed libraries or filed modules, to avoid inadvertently making these mistakes, it is highly recommended that you embed all modules and libraries check in your encrypted copy by checking Save everything in one file by embedding filed modules.

When you save a copy of your model without checking the Save everything in one file by embedding filed modules option, it saves a locked copy only of the top-level model file. The locked status of any filed modules remain in their original state, such that individual module files may remain non-encrypted or editable. If you don’t want to embed all filed modules in your encrypted copy, then you’ll need to save an encrypted copy of each submodule individually, and then use “Add Module...” with the Link and Merge options to switch your model to using the locked copy, prior to saving a copy of your top-level model.

You can distribute locked copies of libraries or modules, allowing other model developers to utilize those libraries without being able to view your proprietary definitions (when they are encrypted) or being able to modify the libraries (when locked as browse-only). When using locked libraries, certain operations involving objects in those modules are restricted. You cannot embed an encrypted sub-module within a non-encrypted module, but you can use it as a filed module. Embedding an encrypted module in an encrypted module is allowed. Various operations that might allow a user to gain access to your hidden definitions are disallowed, such as moving an object with a hidden definition from an encrypted module to a non-encrypted module.

See Also


You are not allowed to post comments.