Using RBAC (Role Based Access Controls) within AIX (and forced in VIOS) I discovered it was a bit of a pain to NOT have the ability to do everything as the padmin user. Typically you can add yourself to have a role (or some roles) which you can swap into. However, this can be a bit of an issue if you use ssh keys and don’t know your password.
As I only required a backup account (with full padmin access) in case the primary padmin account was locked out, etc., I created a secondary account with a default role. This way, you automatically get that role upon login. In the case of the PAdmin role, you have the right to break out of the restricted shell with an oem_setup_env call. Here is what I did to accomplish it:
ssh padmin@VIOSERVER1
Create a user, and set roles = PAdmin and shell = /usr/bin/rksh
chuser -attr default_roles=PAdmin USERID (replace USERID with the user you just created)
passwd USERID (set a password)
setkst (commit)
Upon next login, you will automatically have the PAdmin role access (without having to switch roles and provide your password). So if you wanted to break out of the restricted shell, simply type oem_setup_env and you are golden.
Note: If you upgrade the IOS level of your VIOS machine, it will probably set your user(s) that were set this way back to default. So log in as padmin, run the chuser command (specifying the default_roles again) and commit it.
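
Because an upgrade can silently drop the default role, and because any account with default_roles=PAdmin gets full access at login, it helps to audit the setting. The script below is an added example, not part of the original post: it assumes input in the name attr=value layout printed by AIX lsuser -a roles default_roles ALL (run from the oem_setup_env root shell), and the account names and sample lines are constructed.

```shell
#!/bin/sh
# Constructed sample in the "name attr=value ..." layout of
#   lsuser -a roles default_roles ALL
# The account names are hypothetical, not taken from a real system.
sample_lsuser() {
cat <<'EOF'
backupadm roles=PAdmin default_roles=PAdmin
viewer roles=ViewOnly default_roles=ViewOnly
tempadm roles=PAdmin default_roles=PAdmin
oldadm roles=PAdmin default_roles=
EOF
}

# audit_default_padmin "user1 user2 ..."
# Reads lsuser-style lines on stdin and prints one line per finding:
#   OK <user>          expected account still activates PAdmin at login
#   UNEXPECTED <user>  account activates PAdmin at login but is not expected to
#   MISSING <user>     expected account lost the setting (e.g. after an upgrade)
audit_default_padmin() {
  awk -v expected="$1" '
    BEGIN {
      n = split(expected, want, " ")
      for (i = 1; i <= n; i++) isw[want[i]] = 1
    }
    {
      has = 0
      for (f = 2; f <= NF; f++)
        if (index($f, "default_roles=") == 1) {
          # default_roles may hold a comma-separated list of roles
          m = split(substr($f, 15), r, ",")
          for (j = 1; j <= m; j++) if (r[j] == "PAdmin") has = 1
        }
      if (has) {
        got[$1] = 1
        print (($1 in isw) ? "OK " : "UNEXPECTED ") $1
      }
    }
    END {
      for (i = 1; i <= n; i++)
        if (!(want[i] in got)) print "MISSING " want[i]
    }
  '
}

# Demo run on the constructed sample; on a real system, pipe the
# lsuser output into audit_default_padmin instead.
sample_lsuser | audit_default_padmin "backupadm oldadm"
```

A MISSING line is the cue to rerun the chuser and setkst steps above; an UNEXPECTED line is an account that gets PAdmin at login without anyone having signed off on it.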