Do we need to really log-out and log-in again to make authorization changes effective?

Whenever any changes were made to the user authorizations, normally it is required to log-out and log-in again to make these changes effective.

Here is an alternative:

Execute the report RSUSR405 in SE38. This would refresh all user-related buffers and changes to the authorizations are made effective immediately..