Whilst it makes sense to use the Customer Self Service Portal role to control security for all portal users, we consider it extremely important to record not only the date and time the note was created on the portal but also the user login that was used to create the note. Ideally with links back to the contact for that login.
Currently there could be numerous customer contacts using the portal for the one company and it is not possible to determine who created a specific note.
This seems to be a very important audit control missing at present and should receive priority.
Please contact me for more details if needed.