diff --git a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
index 22bbf1bb45..f8f5bce37a 100644
--- a/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
+++ b/packages/nocodb/src/middlewares/extract-ids/extract-ids.middleware.ts
@@ -11,6 +11,7 @@ import type {
   NestMiddleware,
 } from '@nestjs/common';
 import {
+  Audit,
   Base,
   Column,
   Filter,
@@ -159,6 +160,16 @@ export class ExtractIdsMiddleware implements NestMiddleware, CanActivate {
         id: req.query?.fk_model_id,
       });
       req.ncBaseId = model?.base_id;
+    } else if (
+      [
+        '/api/v1/db/meta/audits/:auditId/comment',
+        '/api/v2/meta/audits/:auditId/comment',
+      ].some((auditPatchPath) => req.route.path === auditPatchPath) &&
+      req.method === 'PATCH' &&
+      req.params.auditId
+    ) {
+      const audit = await Audit.get(params.auditId);
+      req.ncBaseId = audit?.base_id;
     }
     // extract base id from query params only if it's userMe endpoint or webhook plugin list
     else if (
diff --git a/packages/nocodb/src/utils/acl.ts b/packages/nocodb/src/utils/acl.ts
index 1501d27e84..09fcc2a89e 100644
--- a/packages/nocodb/src/utils/acl.ts
+++ b/packages/nocodb/src/utils/acl.ts
@@ -92,6 +92,7 @@ const permissionScopes = {
     'swaggerJson',
     'commentList',
     'commentsCount',
+    'commentUpdate',
     'hideAllColumns',
     'showAllColumns',
     'auditRowUpdate',
@@ -197,6 +198,7 @@ const rolePermissions:
       commentList: true,
       commentsCount: true,
       commentRow: true,
+      commentUpdate: true,
     },
   },
   [ProjectRoles.EDITOR]: {