Hi,
correct me if I am wrong, but your users are able to submit new pages of your type, not new page types. You could achieve what you desire by setting a visibility condition on your File field (utilizing {% CurrentUser.IsAuthenticated |(identity)GlobalAdministrator%} macro expression for instance).
You are talking about permission denied on downloadable File field - the above will prevent the user who is not authenticated to see the field and if you are using a repeater to display the pages of your type, you might need to hide the File field in the transformation used by the repeater. Regrettably you can not set permissions on per field basis so if the user would know the link to the file, they would be able to access it. To prevent them from doing so, you would have to restrict the permissions for the whole page.
Hope this helps
Regards
Marek Fesar