Hi O.K
I had mentioned "do not create an SAP_ALL display" up in my comments.
Julius is correct - you will have a bunch of people either roll their eyes and dismiss your comment or jump in with examples such as the comments in this blog (there was another blog that had a heap more activity and then the author removed it).
Creating an SAP_ALL Display Only Role
From a practicality point of view, I do build a form of display all for non-production systems. I do copy SAP_ALL and then I go through each object to remove a heap of access. I used to think I could build this once and then add it to my kit bag for future use; however, system versions and component activation impact this. It takes ages to build as you have to go through each object. And even then I can't guarantee it's 100% (risk point of view, it's non-production).
However, recommending this for Production is not a good idea. The whole goal here is to prevent change, not take a stab at it.
Already, the approach you recommended is only a small slice of restricting access. The other blog that was removed had a heap more examples. One of my comments was that ACTVT = 03 is not the only display (you have 08, 09 etc.) and ACTVT is not the only field that controls activity levels. As well as that, some objects are for modify only and some transactions/programs/function modules/etc. were never designed to be display only.
I take the assumption that if SAP could build such a role and guarantee it to be display all without risk of liability if the role doesn't restrict, then they would have built and deployed it already. End of the day, they know a heap of customers make this attempt.
Regards
Colleen