Access to view the security page under My Profile in order to generate tokens is managed by the Role type "View Security Page" action. For more information on roles and actions, please see here. This View Security Page action is an implicitly inherited action under both the View Main Pages action and the All Admin Actions action. This means that if a user's role permits them either the View Main Pages action or the All Admin Actions action, they will be able to view the Security page.
In order to prevent a user's role from having access to the Security page, both the View Main Pages action and the All Admin Actions action must be removed from their role. To make these changes, edit the Role in the Roles page. Uncheck the View Main Pages action and the All Admin Actions actions.
Then, under "Advanced", scroll down to the Security section and ensure that the View Security Page action is unchecked. You can also toggle on various other actions in the advanced section to restore the same functionality as the View Main Pages action. Note, that it is difficult to recreate all of the admin rights granted through the All Admin Actions action. So it is not recommended that you remove the All Admin Actions action for Blue Relay system-level administrators.
