I've investigated the possibilities for limiting where a user can create/fork a repo in the Rhodecode web interface. It appears to me that this can only be set globally (either using the default settings or overriden by group adherence).
It would be desirable to able to limit this to a specific repository group for a specific user or users (belonging to a group).
E.g. in my company we create /users/<username> repository groups where users can create and fork to their hearts content, but elsewhere in the repository other rules apply.