How to create users to open bugs only

Natively, the best you can do is set up a kludge whereby the users are blocked from creation - this is ugly because they can still go and start the create process, but then it fails validation, so they've been misled into entering their data only to be told it's not valid.

Add-ons such as the Behaviours function in the Script Runner can make this far better for the users by disallowing options, but still won't protect a determined user.

The only way to do this "properly" are to move bugs into their own projects so that you don't have to allow "create" in the main project for your users, or hack the core code.

As Nic said, there isn't a good way to do it. The separate project is the cleanest way. Issue level permission has been requested since before I started using JIRA in 2006 so I don't see it being implemented.