You can prevent users from creating/editing by creating validation rules. For example, you can prevent all users except "this.is.a.username" user from editing work items, by following these steps:
1) Go to Settings >> Configure >> select Work Item on the left hand side >> Create New >> Validation rule;
2) Set runtime to "Every time a record is created or edited";
3) Set evaluation criteria to CurrentUser() <> "this.is.a.username";
4) Set any error message you'd like users to see when they attempt to edit work items.
I hope this helps.