KB-11957: Why is the trustworthy flag required to be enabled on the audit databases? Is it possible to function without it?

Auditing and Monitoring Service

18 September,19 at 09:27 PM

Question:
Why is the trustworthy flag required to be enabled on the audit databases? Is it possible to function without it?

Answer:
The DirectAudit authorization/query engine works by deploying a .NET assembly (a.k.a. DLL) inside the databases using a well-known technique called SQL CLR integration. The .NET assembly that Centrify deploys is responsible for accessing external resources (e.g. to make a connection from the DA management database to a DA Audit Store database, or to access the local registry to enable database trace). As a result, this assembly has to be deployed with the EXTERNAL_ACCESS permission set, and to deploy an assembly in EXTERNAL_ACCESS mode the database must be marked as TRUSTWORTHY (which is a Microsoft requirement). Therefore it is not possible for DA to function without the Audit Store databases being marked as trustworthy.
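
A way to review this setting on the SQL Server instance, as an added example that is not Centrify's code: the queries list every database marked TRUSTWORTHY together with its owner (modules in a TRUSTWORTHY database can be trusted with the owner's server-level rights, so a sysadmin owner deserves attention) and the non-SAFE assemblies in one audit database. `YourAuditStoreDb` is a placeholder name, not a name from this article.

```sql
-- Added example: review of TRUSTWORTHY databases and SQL CLR assemblies.
-- Uses only SQL Server catalog views; run as a login that can see all databases.

-- 1. Databases marked TRUSTWORTHY, their owner, and whether that owner is sysadmin.
--    msdb is TRUSTWORTHY by default and is expected in the result.
SELECT d.name                   AS database_name,
       SUSER_SNAME(d.owner_sid) AS owner_login,   -- NULL if the owner SID no longer resolves
       IS_SRVROLEMEMBER('sysadmin', SUSER_SNAME(d.owner_sid)) AS owner_is_sysadmin
FROM sys.databases AS d
WHERE d.is_trustworthy_on = 1
ORDER BY d.name;

-- 2. User-defined assemblies in one audit database that run above SAFE.
--    Replace YourAuditStoreDb (placeholder) with the actual database name.
SELECT a.name                AS assembly_name,
       a.permission_set_desc,                     -- SAFE_ACCESS / EXTERNAL_ACCESS / UNSAFE_ACCESS
       a.create_date,
       a.modify_date
FROM [YourAuditStoreDb].sys.assemblies AS a
WHERE a.is_user_defined = 1
  AND a.permission_set_desc <> N'SAFE_ACCESS'
ORDER BY a.name;

-- 3. Instance-level CLR settings ('clr strict security' exists on SQL Server 2017 and later).
SELECT c.name, c.value_in_use
FROM sys.configurations AS c
WHERE c.name IN (N'clr enabled', N'clr strict security');
```

Running the first query periodically and comparing the result against the list of databases that are expected to be TRUSTWORTHY makes an unexpected change to the flag or to a database owner visible.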