Creating Users in OpenSearch for ElastiFlow

This guide describes how to create internal users and roles in OpenSearch that can read and search ElastiFlow data without full administrative privileges.

Create an Internal User

1. Log in as the admin user and navigate to Security → Internal Users.

2. Click Create User.

3. Fill out the form:

   • Username

   • Password (and confirmation)

4. Click Create to save the user.

Create a Role

1. Go to Security → Roles and click Create role.

2. Name the role, e.g. elastiflow-readonly.

3. In the Cluster Permissions section, add:

   • cluster_composite_ops_ro

4. In Index Permissions, use these patterns:

   • elastiflow-*

   • .kibana*

5. And apply the following permissions:

   • read

   • search

6. In the Tenant Permissions section:

   • Select global_tenant

   • Set to Read only access

7. Click Create to save the role.

Map the User to the Role

1. From the elastiflow-readonly role page, open the Mapped users tab.

2. Click Manage mapping.

3. Select the newly created user.

4. Click Map.

Test the New User

• Open a private browser window.

• Log in with the new user.

• Select the Global tenant when prompted (ElastiFlow dashboards are stored here).

External Authentication Mapping (Optional)

If you're using an external provider (SAML, LDAP, RADIUS), map the backend role sent by the IdP to this internal role:

• Go to Roles → elastiflow-readonly → Mapped backend roles

• Add the backend role (e.g. elastiflow-readonly) sent by your IdP

Users will now be able to access ElastiFlow Dashboards and data with the appropriate read-only permissions.