I believe Xavier's suggesion is a more appropriate one because it relies on the built-in access control features, but that can also be achieved with the extension I have written for limiting the amount of objects that users can create:
http://ez.no/developer/contribs/datatypes/ez_user_create_limit Hope you find it useful.