137 PAM.PrivilegedAccounts.Custody.List: List all credentials under user’s custody
139 PAM.PrivilegedAccounts.Credentials.List: List all credentials
Role 139 corresponds to the permission that enables listing all registered credentials within the system for the specific user. On the other hand, role 137 allows listing credentials only in cases where the user has custody of the credential.
The custody of the credential indicates that the user has control and responsibility for accessing the information protected by the credential. This approach contributes to a more granular level of security, ensuring that only authorized and trustworthy users gain access to protected resources through their respective credentials.