Thanks Jim for clarification!
Basically, we don't want any touch point directly with ServiceNow because of security issues.
App Broker will only communicate to Mulesoft and Mulesoft to ServiceNow.
We had imported Flexera Software App Broker Update Set For ServiceNow (Madrid).xml in ServiceNow for integration purpose.
Plus we added below roles to our App Broker ServiceAccount...
Will there be same set of Roleset to be defined in Mulesoft?
Click Edit, and select the following from the collection, and add them to the Roles List.
Please note that both options I mentioned in my earlier post would give you the result you're looking for (App Broker only communicating with Mulesoft and only Mulesoft communicating with ServiceNow). I don't know anything about Mulesoft, so I can't tell you what permissions App Broker will need to talk to Mulesoft. But whatever account Mulesoft is using to talk to ServiceNow will need to have that same set of roles to update what needs to be updated in ServiceNow.