Security Primary Key


I have setup Security by Group. I found out the unique primary key for user is the “login” field and it’s by username instead of userID.

I would like to know, is it possible to use user’s email as login Username and can I change the user Primary Key to new field such as userID and integer with auto increment.

If this is possible, please advice where should I look into to do that.

Thank you.

The security module is now created and can be modified any way you like as long as you don’t recreate as this will overwrite your modules. So yes, all you want to do is possible. Change the userid label to email address and change the field type to email so that the format will be ok. I don’t recommend changing primary keys etc. as this will influence all the other generated apps to allow you to set security. The more you want to change the more you need to create the security module by yourself. But I find the security model with all those checkboxes anoying and difficult to understand for end-users. So I made my own. Not realy rocket science.

It might be easiest to have the user use their email as the login if you want their email in all of the records for identifying the owner. The Security Module also assigns sc_set_global($usr_email), so you can just use that global variable for the identifier if you want.

On mine, I have the user create their login ID, then will grab whatever other info about them in the onValidate event in the Login app.

Either way, the default generated application is a good start. Looking into the code at the events etc. will give a great insight about the internal working of SC. I really advise you to look into this and try to understand what’s happening. It’s a huge source of learning how to do things.

Hi Albert and Travelr,

Thanks again. I’ll import the Event default application and will play around with it. Really appreciate help from both of you.


May I know where to change the login to use email field? I try go back to Security but it seems like it asking me to create a new Security. Please advice, thank you.


May I know where to change the login to use email field? I try go back to Security but it seems like it asking me to create a new Security. Please advice, thank you.

If you go to the security module SC will generate new applications which you don’t want. You need to dive into the code of the appropiate applications. The login is the place to change the userid into the email address by changing it’s type and label. There’s no need to change the tablefieldnames. You have to look in the several generated applications to see what else you need to change. Remove the email field from the screen if you use the userid already but apply a {email}={userid} in the onbeforeupdate and onbeforeinsert to ensure that the email address will be filled from the userid. That is important as SC will send email to the email address in the email field, not the userid field.

I’m getting ready to use the Security module for the first time. I’m used to having an actual “id” for the user_id, not a text field or email field. Is it safe to add this to the necessary tables as the PK after the Sec Mod has been generated? Will this increase my chances of a hassle down the line if I need to make changes to the Sec Mod?

Thanks in advance.

I don’t understand your question. If you don’t want a user name but a number then you can safely change the field to type integer. But you can also keep it text and allow only to enter numbers?