Step 1: Create a dump file of security system information using lsdump

The lsdump utility has an option "-addRoleMapping" that can be used when either a profile or security class is dumped. This option dumps both the data for the profile or class but also include roles associated with the profiles or classes ("role mappings") and the users assigned to the roles.

lsdump syntax

To dump a profile with role mapping:

lsdump -f filename PROFILE profileID -addRoleMapping

where

filename = the name of the dump file you will create

profileID = the name of the profile

To dump security classes with role mapping:

lsdump -f filename SECCLASS profileid secclassname1,secclassname2 -addRoleMapping

where

filename = the name of the dump file you will create

profileID = the name of the profile that contains the security classes

secclassname1 and secclassname2 = the names of the security classes you want to dump. Separate multiple security classes with commas (no spaces).