if not maybe you can assist me in this. 

I do not want certain users to be able to create new leads. I have managed to take away certain permissions, but i noticed a loop-hole. A user can take a lead and edit the COMPANY, FIRST NAME, LAST NAME, PHONE NUMBER and EMAIL... this essentially can turn one lead into another. 

Thus.... creating a new lead. 

i could block those fields from being edited... but sometimes i need that. e.g. some leads dont have a first name yet, some don't have a phone number yet. 

I figured if i blocked COMPANY as an editable field (read only), this could help. However, when i try to do this... the box is grayed out. 

any suggestions?  thanks!