It should be possible to define permissions based on status in the workflow. So for example when an issue hits a specific status only certain roles are allowed to modify, while though still being visible to other roles.
