If an ACID has CASECAUT(TSSCMD.USER.*.NOPW) ACCESS(USE), will the ACCESS(USE) prevent the user from successfully issuing a TSS command (i.e. TSS REPLACE) that modifies ACIDs to have NOPW?
- Yes. With CASECAUT(TSSCMD.USER.*.NOPW) ACCESS(USE), the ACID can only see PASSWORD = *NOPW* when listing an ACID that has NOPW; it cannot do TSS REPLACE(acid) PASSWORD(NOPW). That command fails with:
TSS1610E Not Authorized to use NOPW keyword
TSS0301I REPLACE FUNCTION FAILED, RETURN CODE = 4
- To be allowed to do TSS REPLACE(acid) PASSWORD(NOPW), ACCESS(UPDATE) to CASECAUT(TSSCMD.USER.*.NOPW) is required. This allows the ACID to do TSS REPLACE(acid) PASSWORD(NOPW), but it cannot see PASSWORD = *NOPW* when listing an ACID that has NOPW.
- If the ACID needs to be able to both modify an ACID to have NOPW and list the ACID and see PASSWORD = *NOPW*, it needs both ACCESS(UPDATE) and ACCESS(USE) to CASECAUT(TSSCMD.USER.*.NOPW):
TSS PER(acid) CASECAUT(TSSCMD.USER.*.NOPW) ACCESS(USE,UPDATE)
NOTE: It is highly recommended to AVOID NOPW on ACIDs. In the next release of Top Secret (release 17), NOPW ACIDs are not allowed.
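To act on the note above, the following added example (not part of the original article and not vendor code) scans captured TSS LIST output for ACIDs displayed with PASSWORD = *NOPW*. The listing layout (each ACID's section starting with an ACCESSORID = line), the function name find_nopw_acids and the sample text are assumptions constructed for illustration. As described above, the ACID that produced the listing needs ACCESS(USE) to CASECAUT(TSSCMD.USER.*.NOPW) for *NOPW* to be displayed.

```python
import re

# Constructed sample of captured TSS LIST output. The layout is an assumption:
# each ACID's section is taken to start with an "ACCESSORID =" line.
SAMPLE_LISTING = """\
ACCESSORID = USER01    NAME       = CONSTRUCTED USER ONE
TYPE       = USER      SIZE       =      512  BYTES
PASSWORD   = *NOPW*
ACCESSORID = USER02    NAME       = CONSTRUCTED USER TWO
TYPE       = USER      SIZE       =      512  BYTES
ACCESSORID = STC01     NAME       = CONSTRUCTED STC ACID
PASSWORD = *NOPW*
"""

ACID_RE = re.compile(r"^\s*ACCESSORID\s*=\s*(\S+)")
# Tolerates variable spacing around "=", as seen in column-aligned listings.
NOPW_RE = re.compile(r"\bPASSWORD\s*=\s*\*NOPW\*")


def find_nopw_acids(listing: str) -> list[str]:
    """Return the ACIDs whose section shows PASSWORD = *NOPW*, in listing order."""
    flagged: list[str] = []
    current = None
    for line in listing.splitlines():
        match = ACID_RE.match(line)
        if match:
            current = match.group(1)  # a new ACID section begins here
        if NOPW_RE.search(line):
            if current is None:
                # Truncated capture: refuse to guess which ACID this belongs to.
                raise ValueError("PASSWORD line seen before any ACCESSORID line")
            if current not in flagged:
                flagged.append(current)
    return flagged


if __name__ == "__main__":
    for acid in find_nopw_acids(SAMPLE_LISTING):
        print(f"{acid}: defined with NOPW, assign a password before release 17")
```

An empty result is only meaningful if the listing was produced by an ACID that holds ACCESS(USE) to CASECAUT(TSSCMD.USER.*.NOPW).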