Normally in Kentico when you create a role and give it permission to modify content, it can create and modify anything in the content tree. We recently had a project where we wanted users in the Blog Editor role to only be able to create and modify Blog Posts but not pages. Here is how we did that.
Create a Blog Editor role
In the Roles application, create a Blog Editor role.
Assign Blog Editor role to a user
In the Users application, assign a user to the Blog Editor role.
Set Permissions to allow the Blog Editor role to modify content
In the Permissions application, allow the Blog Editor role to modify the Content module for your website. At a minimum check Browse Tree, Read, Modify, Create, and Delete.
Prevent the Blog Editor role from creating content in the content tree
Go the Pages application. At the website root, open the Security tab.
Add the Blog Editor role and deny it all access except Browse Tree. This will prevent the role from modifying content throughout the site but still let it navigate the content tree to get to the Blog.
Allow the Blog Editor role to create and modify Blog Posts
Navigate to the blog on your website and open the Security tab. Click the Break Inheritance and remove parent permissions link to remove the deny permissions for the Blog Editor role.
Log in as a user in the Blog Editor role
Now when you log in (or impersonate) a user in the Blog Editor role they will be able to navigate the content tree but will not be able to modify any content.
However, at the Blog page they will be able to create Blog Posts.
The best part about this technique is that it can be applied to any role that you want to limit content creation for.