You need to add security constraints to your entity. They can be based on XPath. Your user needs two of them. One for read only (without any xpath constraint) and one for the objects you can write to. This needs to include an xpath like this:

[not(MyFirstModule.Person_Schedule/MyFirstModule.Person)]

This means, that this rule is only applied if there is no person on the other side of the Person_Schedule association.