How do you restrict a role from creating field extractions? There's event actions drop down for search results where they can define even types and field extractions. We have all of our data well defined and parsed already, and do not want this feature enabled for normal users.
There isn't an out-of-the box way so you would have to implement your own counter-measures. You can create your own capability and then schedule an hourly saved search that uses the REST API to query for transforms and if any are owned by users that do not have the capability (or role) that you designated, use the REST API to disable them. This actually sounds like a fun project for a Splunkbase app.
I don't think there is a specific capability for creating fields as such.
I couldn't find one in the docs, which is what I'm afraid of. It's surprising that there isn't a defined capability for this, because field extractions have CPU overhead.