# Access Provisioning

Unizin Data Warehouse (UDW) is a **full-service product**. To provision access for a new user, a [Member's UDW Sponsor team](https://resources.unizin.org/policies/general-policies/sponsor-teams) must email <support@unizin.org> with the necessary information (see below).

## Security measures <a href="#accessprovisioning-securitymeasures" id="accessprovisioning-securitymeasures"></a>

Unizin applies a number of security measures to user access to each Member's UDW. The following measures are taken for all new user access to an UDW:

1. An Institution's UDW [Sponsor Team](https://resources.unizin.org/policies/general-policies/sponsor-teams) must submit UDW access.
2. Usernames and passwords are randomly generated strings.
3. An IP allow list filters traffic to Member UDWs.

During UDW implementation, Members identify individuals who constitute the UDW [Sponsor team](https://resources.unizin.org/policies/general-policies/sponsor-teams). Sponsor team members "own" the UDW service at their institution and submit requests for access provisioning on their users' behalf.

## User provisioning process <a href="#accessprovisioning-userprovisioninguserprovisioningprocess" id="accessprovisioning-userprovisioninguserprovisioningprocess"></a>

Sponsor team members at a Member institution may request access to their UDW for themselves or for non-Sponsor team individuals.

If a non-Sponsor team individual requests access to their UDW, Unizin will refer that individual back to the Sponsor team.

All requests for access submitted [via email](https://resources.unizin.org/support-and-training#user-help-and-support) must include:

* For Individual Access:
  * Full name and email address of the individual whose access Unizin will provision.
* For Application Access:
  * If the account is for another application to access the UDW, include the name or a description of the application.
  * The name and email address of the primary contact for that application.

Personal information for the user allows for tracking of user accounts for later de-provisioning.

When access for the user is approved, Unizin Support will send the requestor a set of credentials that can be downloaded a single time from a generated URL. This URL may be forwarded to the user if desired.

## IP Allow list process <a href="#accessprovisioning-ipwhitelistingipallowlistprocess" id="accessprovisioning-ipwhitelistingipallowlistprocess"></a>

During an implementation of the UDW, a Member will provide a set of IP address ranges to an allow list. If this set needs to be modified at any time, a Sponsor team member may submit a Support Ticket.

All requests for IP allow listing changes must include:

* IP range in [CIDR](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) format.
* An indication if the IP range should be allow listed or removed from the allow list.

When the IP allow listing change has occurred, Unizin Support will send the requestor a confirmation.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://resources.unizin.org/products/data-and-analytics/unizin-data-warehouse/access-provisioning.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.