18 September,19 at 09:27 PM
Question:
Why is the trustworthy flag required to be enabled on the audit databases? Is it possible to function without it?
Answer:
The DirectAudit authorization/query engine works by deploying a .NET assembly (a DLL) inside the databases using a well-known technique called SQL CLR integration. The .NET assembly that Centrify deploys is responsible for accessing external resources (for example, making a connection from the DA management database to a DA Audit Store database, or accessing the local registry to enable database trace). As a result, this assembly has to be deployed with the EXTERNAL ACCESS permission set, and to deploy an assembly in EXTERNAL ACCESS mode the database must be marked as TRUSTWORTHY (which is a Microsoft requirement). Therefore, it is not possible for DA to function without the Audit Store databases being marked as trustworthy.
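To confirm on a given SQL Server instance which databases carry the flag and which assemblies are deployed with the EXTERNAL ACCESS permission set, the following T-SQL can be used. It is an added example, not Centrify's own tooling; it reads only standard SQL Server catalog views and assumes the last query is run while connected to the audit database being reviewed.

```sql
-- Added example: review of TRUSTWORTHY and SQL CLR settings.
-- Read-only; uses standard catalog views, nothing DirectAudit-specific.

-- 1) Is SQL CLR integration enabled on the instance?
SELECT c.name,
       c.value_in_use            -- 1 = CLR integration enabled
FROM sys.configurations AS c
WHERE c.name = N'clr enabled';

-- 2) Which databases are marked TRUSTWORTHY, and who owns them?
--    The owner's privileges are what code in a TRUSTWORTHY database
--    can run with, so the owner login is part of the review.
--    (msdb is TRUSTWORTHY by default and will appear in this list.)
SELECT d.name                                 AS database_name,
       d.is_trustworthy_on,
       sp.name                                AS owner_login,
       IS_SRVROLEMEMBER('sysadmin', sp.name)  AS owner_is_sysadmin
FROM sys.databases AS d
LEFT JOIN sys.server_principals AS sp
       ON sp.sid = d.owner_sid
WHERE d.is_trustworthy_on = 1
ORDER BY d.name;

-- 3) Run while connected to the audit database under review:
--    list user-defined assemblies and their permission set.
--    permission_set_desc is SAFE_ACCESS, EXTERNAL_ACCESS or UNSAFE_ACCESS.
SELECT DB_NAME()              AS database_name,
       a.name                 AS assembly_name,
       a.permission_set_desc,
       a.clr_name,
       a.create_date,
       a.modify_date
FROM sys.assemblies AS a
WHERE a.is_user_defined = 1
ORDER BY a.name;
```

Databases that appear in the second result set but hold no EXTERNAL_ACCESS or UNSAFE_ACCESS assembly in the third are candidates for review, since nothing in them depends on the flag for CLR deployment.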