Currently one dataset as example, SYSTEST.-, There are so many acf2 dataset access rules (various second, third level qualifier etc) defined under the SYSTEST, it go up to 4 to 5 nextkeys. If a site has 400 rules defined under SYSTEST, and a site does not want to repeat those 395 rules in DFP segment and assign the same "DFP(TEST)" to each one, how can a site just exclude 5 datasets from encryption.
Out of 400, if i need to exclude only 5 rules from the encryption,
SET PROFILE(DATASET) DIVISION(PROFILE)
PROFILE
compile
ACFAB010 ACF PROFILE COMPILER ENTERED
. $KEY(SYSTEST)
. - DFP(TEST) -> it allow all the datasets (400 rules) to encryption under the highlevel SYSMAINT
. ACF2.CAI.BKUP -> if i code without dfp(test), is it mean this particular dataset excluded from the encryption?
. ACF2.CIA.JCL
. ACF2.CICS.JCL
. ACF2.CICS.SYSOUT
. ACF2.CICSQA.ACFW22
Please advise whether the above rule will work or if there are any other methods to exclude the minimum datasets?
Release : 16.0
Component : CA ACF2 for z/OS
The way to exclude datasets in the compiled PROFILE(DATASET) DIVISION(PROFILE) records is by specifying DFP(XXXXXXX) where there is no DFP Profile record and the dataset will be excluded. If a DFP record does not exist dataset encryption will not be done. For example:
$KEY(SYSTEST)
- DFP(TEST) -> it allow all the datasets (400 rules) to encryption under the highlevel SYSTEST
ACF2.CAI.BKUP DFP(XXXXXXX)
ACF2.CIA.JCL DFP(XXXXXXX)
ACF2.CICS.JCL DFP(XXXXXXX)
ACF2.CICS.SYSOUTX DFP(XXXXXXX)
ACF2.CICSQA.ACFW22 DFP(XXXXXXX)
Where XXXXXXX there are no DFP Profile record.