ACLs to allow external users to see change_requests in CSM portal widget

I want to show customers/external users to see change_requests in CSM portal, but only those associated with their customer_account. Is this possible?

As a regulatory requirement, we need to show change_requests to (external) customer users, when they affect them. These changes will be to present Standard changes on Products. and used to notify and link users to release notes for the product.

We have configured a "Data Table from Instance Definition" widget to show on the CSM home page. 
That widget is then visible. but (despite having implemented temporarily, a very open ACL for change_Requests - all external users can read all change_request records for that account) we can't see ANY Changes in the CSM portal.  The Widget is blank.  


I know I need to update both:
- the filter to limit changes only to those related to the users customer(s)
- the ACLs to ensure external users can access ONLY changes related their own customer(s)

But no matter what I have tried, I cannot get any changes to show, to an external user.  (I can see changes when I log into CSM with an internal user.)  

Is the above an appropriate approach, or is there a better approach?   Does CSM portal, or Change_Requests, get blanket blocked from viewing in CSM portal. ie don't respect ACLs? 

We prefer to use change_requests and request tasks as we see value in and intend to implement change management for Products using those records anyhow.  

We need to show notifications to customers only at the time their product is updated, which is why we've preferred not to use Announcements in CSM.