First of all, prepare your work. I have used a worksheet (excel) where I have put for each profile all new values I want : the new profile, the new password, the new owner of objects, … all the values to change.
then work with one test profile :
- transfert data to the 400 (the MasterOfChange)
- build and run as CLP&RPG as necessary to serve each target.
When ready, run on all profiles
for example, to change each object owner, work on an object list (CLP : DSPOBJD *ALL/*ALL … outfile(aFile))
then (RPG) read the file & uses the MasterOfChange to determine action to run (CLP to CHGOBJOWN, …)
For profile themselves,
-1- create all new profiles, test them, put them in production, disable old profiles, wait one or two weeks then
-2- delete old profiles with option to change object owner to the new profile.
If object property was correctly transfered before this would not be necessary, but this is theory. in real life, there is always surprises.
preserve all you tools, if you encounter any error, you will have to re-run your tools.
After finish, have in mind you know can weekly re-apply your security rules : tools are availables and tested.