Dear Uche,
We also face these kind of requirement when a new security note is applied which some times mandates certain authorization restrictions.
What we do is replicate the new role with the new restrictions in the quality system and create a new Test ids. We use to do our regular activities for a period of time using these test ids and once we find that there is no impact on our regular work we replicate the same thing in production to our regular ID.
Authorization can be some times be a show stopper. Therefore I recommend you to test it out in your quality environment for some of the users and then clone them to your production environment
Regards
Gajesh