Any user can be assigned to a content item, also when he does not have access to it. In that case the user will have the content in his assigned list, but is unable to open the content.
When the current user is assigned to a content item he must have WRITE rights to it, also if he doesn't have it because of the workflow state rights.
I think the change must be made in integrated\workflow-bundle\Security\WorkflowVoter.php
Configuration:
Make sure you install the WorkFlowBundle first: https://bitbucket.org/eactive/integrated-workflow-bundle/overview
Go to Manage - Workflow. Add a new workflow. The new workflow needs a name and some states. For example: Draft and Published. One state needs to be the default. Write permissions for the default state need to be available for specific groups only.
Go to the menu: Manage - Content types. Edit a content type. Choose the Workflow you just created for this content type.
Create content and assign a user.
Note: workflow configuration is saved in ORM (mysql)