yes I can, but from what you are describing, scripting out the roles and permissions from production and executing it on the dev server will not give you what you want (users having more permissions on dev)

Would it not be easier to simply run a pre-built script that has your necessary grant statements and/or sp_addrolemember SP calls?