I would probably suggest something like this:
- Store who moved case C1 from S1 to S2 in an association (e.g. to System.User Case_User_changedStatus or to Administration.Account Case_Account_changedStatus)
- Add an xPath on the DataGrid that contains something like:
[Status=’S1’ or
(Status=’S2’ and Case_User_changeStatus!=’[%currentUser%]')]
This will allow them to see all in S1 and only S2 if they are not the user who changed the status
- If only Admin user roles are allowed to see the entity / data you set that on the Entity Access constraints