First of, let me say that I fully agree with Sunil Bujade. The building block approach is the way to go when designing roles.
But if we're being practical, you could use authorization groups for tables (T-code SE54) and assign a custom auth. group to table T000. Then use this group to authorize (or actually not authorize) with object S_TABU_DIS.
Again, this is just a practical tip. The whole "create a role from SAP_ALL" thing is a totally different subject altogether.
Good luck!
Dimitri.