You can read more about permissions at Metabase to find the right "mix" that works for you.
There are roughly two main permission "knobs", if we're talking about the end user.
- Data permissions
- Collection permissions
It seems what you're trying to achieve calls for "No self service" (Data permission) and "View" (Collection permission). That way, users in the affected group* will not be able to ask questions, nor to create new collections, rename things, etc.
It is not possible to disable/remove personal collections.
*Keep in mind that in Metabase you set the permissions to a user group, not the individual user!