Hi Security 13 Team
You can obtain some of the transaction to S_TABU_DIS mapping where the transaction code is an SM30/31/34 call
To do this, you can go to table TSTCP in ALV mode and filter for PARAM contains '/*SM3*'. Within the PARAM results you can locate the tables/views/etc and then go to table TDDAT to look up the table to auth group mapping.
This will not give you transactions where the program contains a call for S_TABU_DIS. You might be able to look at SU24 data (USOBT_C and USOBX_C) to see if there are any proposals.
After that you may need to look at testing each transaction in the roles and mapping them out - back to your comment about testing/tracing each transaction.
As another consideration, if you are being asked to lock down S_TABU_DIS you should also consider removing it as much as possibly and granting S_TABU_NAM to the specific table instead.
Mess in a system is always time consuming to clean up.