If a site implementing z/OS pervasive encryption is assigning ISCF key labels to datasets based on their high-level qualifier by associating the key label with the existing dataset ownership of the high-level qualifier, how can some data sets with the same high-level qualifier be excluded from being assigned the key label (i.e. excluded from encryption)?
For example, the following command associates an ICSF key label with an existing data set ownership for all data sets with the ACCT high-level qualifier, resulting in data sets allocated with the high-level qualifier ACCT being assigned the ICSF key label ACCT_SECURE_KEY.
TSS ALTADD(ACCDEPT) DSN(ACCT) DSKEY(ACCT_SECURE_KEY)
But what if we want to prevent data sets that begin with ACCT.*.FRED.MARY. from being encrypted?
Would adding a second, more specific data set name ownership to the same owner ACID without specifying a DSKEY accomplish this? .e.g..
TSS ADD(ACCDEPT) DSN(ACCT.*.FRED.MARY.)
Thank you.