on my Plone 5 website I've got the issue, that normal users (so without Manager role or higher) are not able to EDIT existing content, once it is externally published.
They need to set the status on "internal", though they're still able to add new content.
Customize the related workflow. In particular adjust the role mapping for the Modify Portal Content permission.
These permissions are usually managed by the workflow definition.