Natively, the best you can do is set up a kludge whereby the users are blocked from creation - this is ugly because they can still go and start the create process, but then it fails validation, so they've been misled into entering their data only to be told it's not valid.
Add-ons such as the Behaviours function in the Script Runner can make this far better for the users by disallowing options, but still won't protect a determined user.
The only way to do this "properly" are to move bugs into their own projects so that you don't have to allow "create" in the main project for your users, or hack the core code.
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG