You might succeed if you use access rules on the entity ExpenseNote in the domain model.
So you would make 2 rules for the same userrole, where in the first rule the user has write access on EmailCustomer based on a status, for instance:
[Status = ‘CONCEPT’]
and a second rule where the user only has read access based on another status, for instance:
[Status = ‘SUBMITTED’]
Thanks Sjors, that makes sense!