You should be able to simulate using RSECADMIN.
Also split your roles into multiple parts based on criticality.
For example Authorizations based on company code / G/L / Cost center would be the most critical because it is more for data exclusion. The next list would be Data inclusion - like roles that give you access to SD data and last would be supplementary roles like report execution etc.
You could simulate using RSECADMIN or create test users with specific set of rules to test access for the same. The first list would have to pass , the second and third list would not be tests on the critical path which might hold up the upgrade.