You need to:
1) Record ownership (on the domain modeler open you entity and tick Store 'owner')
2) Create access rules for read all attributes for your user role
3) Create access rules for read/write required attributes for your user role and within the Xpath Constraint tab click "Owner" (you can also type in manually "[System.owner='[%CurrentUser%]']")
After you've completed the above steps, you should have the first rule allowing users to read all objects, and the second rule covering edit rights over owned objects.
Hope this helps