get_queryset() is designed to filter down a list of of available objects that a generic view can use. The reason that CreateView doesn't have one is because the purpose of CreateView is to create a new object to operate on (meaning that there shouldn't be anything in the database that can be queried).
You shouldn't use get_queryset() to control access to the view itself, only use it to filter down the available objects already within the database. Those two ideas sound similar, but are handled differently.
What you are likely looking for is a row level (per object) permission system (the built-in permission system is table level). There are several packages available to assist:
Many of the authentication packages also have authorization (permission checking) built in.
django-guardian is probably the most popular of all of these. I haven't used any of them personally.
The authorization package you choose should work in tandem with the get_queryset() methods you've probably already defined.
-James