firewalld: Question on Usage (Best Practices/Opinion )


As I get more requests in from my customers to help them automate the deployments of their applications, I'm dealing more with firewalld rules. Initially, when I'd been adding ports for applications, I'd been using the firewall-cmd --permanent --add-port=NNN/proto method. While poking around teh intarwebz researching other problems (SELinux can make running firewall commands via boot-init scripts a bit of a pain), I stumbled on a document that covered creating service definitions so that a given application might have all its port needs satisfied by firewall-cmd --permanent --add-service=<AppName>. When dealing with applications that need multiple ports/protocols/etc., distributing a service-definition file and then activating that single service seems like a no-brainer. I'm just wondering if there are shortcomings to that method, or whether anyone has any experience, positive or negative, using it.
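The approach described above, written out as an added example (this is not code from the post or from the firewalld project): a small bash script that generates a firewalld service definition for a hypothetical application "myapp" with made-up ports, drops it where firewalld reads local definitions, and then activates it with a single --add-service. The service name, ports and zone are assumptions for illustration; firewall-cmd is only invoked when it is actually installed.

```shell
#!/usr/bin/env bash
# Added example: ship one firewalld service definition per application instead of
# a list of --add-port calls. Application name "myapp" and its ports are constructed.
set -euo pipefail

# Write a firewalld service definition file.
# Args: service name, destination directory, then one or more NNN/proto pairs.
# Local definitions belong in /etc/firewalld/services/ and take precedence over
# the distribution's copies in /usr/lib/firewalld/services/.
write_firewalld_service() {
    local name="$1" dir="$2"; shift 2
    local file="$dir/$name.xml"
    {
        echo '<?xml version="1.0" encoding="utf-8"?>'
        echo '<service>'
        echo "  <short>$name</short>"
        echo "  <description>Ports required by $name (constructed example)</description>"
        local pp
        for pp in "$@"; do
            # each argument is NNN/proto, e.g. 8080/tcp
            echo "  <port protocol=\"${pp#*/}\" port=\"${pp%/*}\"/>"
        done
        echo '</service>'
    } > "$file"
    chmod 0644 "$file"
    printf '%s\n' "$file"
}

# Count the <port/> entries in a service file: a cheap sanity check before reloading.
count_service_ports() {
    grep -c '<port ' "$1"
}

# Activate the service: reload so firewalld reads the new definition, add the
# service to the zone's permanent configuration, then reload again so the
# permanent change becomes the running one. Skipped when firewall-cmd is absent.
enable_firewalld_service() {
    local name="$1" zone="${2:-public}"
    if ! command -v firewall-cmd >/dev/null 2>&1; then
        echo "firewall-cmd not found; skipping activation" >&2
        return 0
    fi
    firewall-cmd --reload
    firewall-cmd --permanent --zone="$zone" --add-service="$name"
    firewall-cmd --reload
    firewall-cmd --info-service="$name"
    firewall-cmd --zone="$zone" --list-services
}

# Usage (requires root on a firewalld host):
#   f=$(write_firewalld_service myapp /etc/firewalld/services 8080/tcp 8443/tcp 5000/udp)
#   echo "defined $(count_service_ports "$f") ports in $f"
#   enable_firewalld_service myapp public
```

Two practical notes: the service name used with --add-service must match the XML file's basename, and firewalld only learns about a new or changed file on --reload, so a definition copied into place by a deployment tool is inert until the reload runs. Writing the file into /etc/firewalld/services/ with a normal file copy also lets the default SELinux file labeling apply, which sidesteps the boot-script problem mentioned in the question.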

Responses