JIRA is permissive rather than restrictive (with one exception). You don't set it up so that people are stopped from doing things, you set it up so that they have to be allowed to do it.
For issue edits, have a look at the permission scheme for the project. That lets you say "only people who match this rule can edit the issue". It is done at a project level though, not issue type. If I have edit in project X, I can edit all the issue types.
For issue transitions you have more flexibility. A transition can be protected with a "Condition". So we can do things like "to go from open to in-progress, a user must be in the role of developer in the project". That's done in the workflow though, and you can set issue types to use different workflows. So a bug might have that developer condition, but a story might be "only project admins"
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.