remove safe attributes on update?

I have…

array('username, password, email', 'safe', 'on' => 'insert'),

            array('password, email', 'safe', 'on' => 'update'),

In my rules… but I can still update username field? Shouldn’t only password and email be able to update with this rule?

Do you have other rules for username?

Ah yes i see… if there are other rules they will be made safe automatically :) working now