CUD access

The prerequisite for all access is to request personal access to the CUD User Interface (CUD UI)

To request access to the CUD UI, please use the service request linked from the IAM service requests page.

The initial request for access must be supported by a signed terms and conditions of CUD access form.  The signed form can either be scanned and attached to your service request, or returned to:

Once you have access to the CUD UI you can request access to additional service interfaces. Refer to the CUD interfaces introduction for details of the various service interfaces to determine which best suits your needs.  You are welcome to contact IAM if you're not sure, or need advice as to which may be best.

For requests to register for REST interface access please use the service request linked from the IAM service requests page.

For requests to register for non-REST interface access, please use the following email template to request access via a new service interface.

When completing the email

• the ITSS section should be answered Y/N, depending on whether you appear in the ITSS register
• if you are not on the ITSS register you must provide a Reason for access, including why you are requesting access and the purpose CUD data will be put to
• the ITSS Managers section requires a list of ITSS members with /itss principals, such as unit0001/itss, who should be given access to download kerberos principals or other credentials generated as a result of this request.  At least one must be provided
• the Machine FQDN is the fully qualified network name of the server or service which will be using the interface, for example host.oucs.ox.ac.uk
• the Interface requested should be one or more of:
  • REST  
  • SOAP query
  • SOAP push
  • SQL Push
  • LDAP push
• If your request is for a REST or SOAP interface, and GSSAPI+Kerberos authentication is not supported by the software which will be used to access CUD, please include this information in Interface requested

Additional attributes are attributes that are not included in the CUD attribute set, these are available on application.  You must have a good reason for using additional attributes, access to which will be considered in consultation with the data owner.

Requests for access to additional SITS attributes (those within the "cud:uas_sits:" namespace) should normally be submitted by IT Support Staff.  The Identity and Access Management team will then seek further authorisation from the local Information Custodian, and/or Student Systems in the case of attributes deemed especially sensitive.

Please use the following email template to request access to additional attributes:

When completing the email

• the ITSS section should be answered Y/N, depending on whether you appear in the ITSS register
• you must provide a Reason for access whether or not you are ITSS
• the SSO username/service principal name is the name of the login which requires access to the additional attributes.  In the CUD UI this will be an SSO username.  For other interfaces this will be the kerberos service principal name which has already been granted access to CUD (usually via SQL Push or REST interface), and its name is normally in the form cud/<host fqdn>@OX.AC.UK
• Additional attributes requested is the list of names of the additional attributes requested, taken from the complete list of attributes.

Please note that for requests to release additional SITS attributes (those within the cud:uas_sits: namespace), we will need to seek approval from the local Information Custodian (IC).

Once you have access to CUD, the following links will help you get started:

CUD UI for simple searching
CUD REST query examples
CUD REST interface client user guide