SQL Server doc, topic Create Database Audit Specification, on Sub-topic Permissions, says:
Users who have the ALTER ANY DATABASE AUDIT permission can create database audit specifications and bind them to any audit.
The user I am working on auditing the non-system db-s does not have the ALTER ANY DATABASE AUDIT permission granted on any of the non-system db-s. But it has granted the CONTROL SERVER permission.
As for the doc, I should not be able to create and manage database audit specifications. In fact I do.
Am I missing something, or the documentation is wrong on this issue?