Explanation of an issue fixed in Suite 2016 involving sessions that are split across multiple databases
Centrify DirectAudit version 3.2.3 and lower on all platforms
Users with reviewer permissions to the DirectAudit Audit Analyzer may only see a partial list of sessions while someone with the Master Auditor role can see all sessions. The session was recorded while the Audit Store DB was being rotated.
One possible explanation for this behavior is the session was recorded while the Audit Store DB was being rotated. When a session is spread across two databases it can cause an issue for users with the Reviewer permissions because of the way the console behaves in this situation. Since it only does a permissions check for the first database and not the second the reviewer is only allowed to review the session data from the first database.
This issue is resolved in version 3.3.0 (Server Suite 2016). Starting in this version if a session is spread across multiple databases it has new logic to request permissions from all databases containing the session record so that the reviewer can see entire session.