Top Secret

 View Only

 Excluding data sets from pervasive encryption

Rich Juchniewicz's profile image
Rich Juchniewicz posted Feb 06, 2024 03:06 PM

If a site implementing z/OS pervasive encryption is assigning ISCF key labels to datasets based on their high-level qualifier by associating the key label with the existing dataset ownership of the high-level qualifier, how can some data sets with the same high-level qualifier be excluded from being assigned the key label (i.e. excluded from encryption)? 

For example, the following command associates an ICSF key label with an existing data set ownership for all data sets with the ACCT high-level qualifier, resulting in data sets allocated with the high-level qualifier ACCT being assigned the ICSF key label ACCT_SECURE_KEY.


But what if we want to prevent data sets that begin with ACCT.*.FRED.MARY.  from being encrypted? 

Would adding a second, more specific data set name ownership to the same owner ACID without specifying a DSKEY accomplish this? .e.g..


Thank you.