ACF2 - Enable Dataset pervasive encryption exclusion list

Idea created by FRENTT on Mar 21, 2019

    CA has recently deployed dataset pervasive encryption on ACF2.  We are in the process of implementing it across our organization.  Once it's enabled, it provides for the ability to create dataset masks that each application team can use to encrypt their data.


    What it doesn't provide, is for a way for applications to exclude datasets that they don't want encrypted.  This may seem to have an obvious answer - just don't bother coding a dataset mask in the dataset profile for those datasets that are to be excluded.  However, depending on how an application has named their datasets, they may have critical datasets as part of the same naming standard as their non-critical datasets, and they may want to exclude critical datasets from encryption until such a time as they have done more testing or renamed those datasets such that they won't be covered by encryption.  To get around their exclusion requirement, the ACF2 administrator would be restricted in setting up dataset masks and be forced into setting granular datasets in the dataset profile which defeats the purpose of using wildcard masks.  This makes administration of dataset pervasive encryption more complicated and time consuming.


    I would like to know if other applications have an appetite for the same requirements and would see the exclusion ability useful as well.