"Security role to user/group mapping" is reset after installing or uninstalling maintenance updates.
"Security role to user/group mapping" information is written in the each application's ear (ex. Blogs.ear).
When maintenance update is installed or uninstalled, the fix application process repackages the EAR, then calls to re-install the EAR. It forces the node synchronization which overwrites what's actually there in DM and Node config directory.
Resolving the problem
If you have customized security role mappings in the WebSphere Application Server Integrated Solutions Console for the IBM Connections applications, these customized security roles will be needed to be re-mapped.