Hi, I have a general question about a specific scenario regarding effective usage of UI forms taking into consideration ACLs and roles. I know there is some articles out there for similar topics but still I am not sure there is a satisfactory answer, so here goes:

Imagine the case - let's say we are talking about an instance with a very large number of end users, with large portions of the work being handled round-the-globe as there is a requirement for multiple people to be able to see and comment on multiple tickets (here by tickets I am referring to incidents and requested items mainly). Pretty much the scenario of every large company out there:)

Out of the box, there are several ServiceNow's rules which we are taking into account when we talk about no-role users:

1. Only the person who opened the ticket is able to modify it

2. As far as visibility, apart from the creator and the the people who are on the watch list are able to see the ticket

3. Any modification of the ticket can be done only by a user who has a role (=license)

Following are my questions to this scenario:

A) Regarding visibility, placing a no-role read ACL on the ticket table would make the records searchable and read-only visible to users. Am I right to think this is a valid and legal approach?

B) If a requirement is for end users to be able only to add customer comments to tickets, would that still be a modification of the ticket? Purely from a logical point of view, this should not be a modification of the ticket as no attribute is being changed, it's only the comments added. Just like adding comments via reply to an email message but using the tool instead, which in the end is what it's all about.

So again, am I right to think that allowing no-role end users to enter ONLY customer comments in tickets is a valid and legal approach?