Yep. It's possible that additional authorizations were only just made effective depending on how the role has been maintained previously.
If an authorisation default was maintained, or updates were delivered by SAP, but the role profile has been maintained manually until now (as opposed to compared) then it might be that the new authorisation defaults have only just been brought in.