Yes, I would use the role of the user to do this in combination with XPaths on the entities. So somebody with the role submitter always has the XPath to only show those tickets where the person is the owner of the ticket. Follow this learning path: https://gettingstarted.mendixcloud.com/link/module/96/lecture/787/9.1-Introduction
It gives you some better understading about the security of Mendix.
I would stick to the Ticket entity for all the fields that are generic to all the different tickets. But based on the Ticket type (make it an enumeration) I would create different objects for each of those types that holds the attributes for that specific ticket type. I would use a one on one association. Then you can also base on the enum do conditional visibility in the main ticket form so that it retrieves and shows the data over those associations.