Use these commands in wsadmin to remove users and groups from default roles.
To remove a user or group's default authorization permissions, remove them from the default role or roles to which they currently belong.
$AdminTask removeUserFromDefaultRole {-bus busName -role roleName -user userName}
$AdminTask removeGroupFromDefaultRole {-bus busName -role roleName -group groupName}
$AdminConfig save