We are looking for ways to move our test data analyst from a non prod environment to our production environment. By doing so we need to control more tightly how our analyst can see data that is unmasked.

One of the features of the TDM Portal allows us to see random rows when inspecting a data model by clicking on "View random rows".

Reviewed the documentation about the Security Functions, but don't find a way to prevent that particular option to be show and available to the API.

Do we have roles to allow that specifically, or is it something that could be tweaked on TDM's part?

All supported TDM Releases.

Administrators or users with execute data profiling permission can call that particular API. However the option is always displayed.