Set the access rules for attribute X on entity level (in your domain model) to read/write for userrole Y, and read only for userrole Z.
On your form you need to leave the 'editability' of the field to 'Default'
Kevin, In the form create two rows. In the first row place the object in read only mode. In the second row make it editable. Set the conditions for visible of these rows to 'Make table row conditionally visible based on module roles'. For the first row select the roles that should read the entity, for the second row set the roles that should be able to write this entity.
Do not forget to set the entity access, because otherwise a smart user could hack the visibility with firebug and still write to this field. Always check entity access.