Hi. You need check security setting in WF steps. I think in your case in setting action avaliable only for User2. Also you need check "User access" tab in request type. May be this set as "Edit" = All. I recommend set security via tokens for examnple "REQ.P.Assigned_to_user_id" i.e For more information see DemandMngCG.pdf and security and tokens. Good Luck.
You could use the Status Dependencies tab in the request type to make the fields non-editable at this step. This would also prevent the approver from modifying the field, though. Depending on the functions the approver is allowed to do, this may be reasonable.