In the Default Token Controller UI under section Security Settings, the roles required to carry out an action like saving or adding a token can be defined.In case an action like "delete token" is not desirable in general, one can use a role that no one has in the system.
When configuring access rights, it is usually necessary to specify corresponding REST access control rules. These rules can be configured in Adminapp >> Access Control >> REST Access Controller. Otherwise, it is possible that buttons are shown in the UI, but REST calls caused by a button get blocked.