Possibly you are no longer licensed for components which these objects are called from in their concepts.

In that case the ability to start the component objects should be removed as well.

Of course if some Z-programs checked these objects or SAP's own "package concept" extended syntax checks did not respect them then you might have problems.

This should normally only apply to manual authorization instances, as if you had upgraded the roles and regenerated them, then you would not have this problem (in the roles).

It tells us something about how you or someone else without any training have built these roles (or subsequently mucked them up...)...

When reading stuff like this, I am always of two minds...

1) SAP should make the concepts simpler and more intuitive to use without "cowboy" activities allowed by users with SAP_ALL etc.

2) Customers should bleed for their own sins for not training people appropriatly (here, faking CV's is also ma major pest!).

It is always a bit of a cat & mouse game and ends up in forums such as SDN in the long run.

Some of it might also have become "available" to be used by SAP (I believe it was the 6.20 upgrade which installed everything...).

Real bugger. I would accept it and test as best you can. You can also compare "where.used-lists" and "code scans" before and after the upgrade to see whether it is used by foreign repository objects.

The scan is more reliable here, as sometimes the object name itself is a variable from a data declaration or condition which you cannot see in the "procedural" code.

Cheers,

Julius