Another way to do this is to use the default identifiers as indicated, but then add the highlighted column using the UUID when you need open (insecure) access to the element.
I think this will work very well:
class Widget { String uuid static constraints = { uuid unique: true } def beforeInsert() {
Then you can use a controller like this:
// url: app/public/widget/48b5451a-0d21-4a36-bcc0-88b129852f1b PublicController { def widget() { Widget w = Widget.findByUuid(params.id) ... } }
This is indexed automatically, so it is not too slow, and the UUID is only used when viewing the widget publicly. If you are logged in, you can perform security checks and just use app/widget/edit/1 or something similar.
I would not rely on a "random number" as a safe means. Guessing numbers work even if the numbers are not sequential. It is almost impossible to guess the UUID, comparatively. However, if you have login accounts, authorization checks are best.