I ran into a similar issue (although I was using fetchxml through liquid, rather than using the API). It seems Power Pages appends all the table permissions as extra link-entities to any fetchxml queries that are sent to dataverse.

For any tables that are also used in your table permissions, try giving those link-entities an alias and see if that helps.

This blog post was helpful for me. In liquid, you can view the full query that is being sent using the .xml attribute (details in the post). If there's an equivalent for the api you could try that, too.