...
admin: this user has full access to the tenants and can perform any operation on them and this its purpose(creation/modification/deletion/maintenance) and is reserved to this purpose only
searchadmin: this user has full access to the two tenants and can then read all the dashboards and visualization but can also modify them and create new ones
searchexpert: this user has full read access to the searchexpert_tenant, so he can visualize any dashboard and visualization from this tenant, but cannot modify them or add new ones. He does not have access to the admin_tenant.
...
You can add new users by either using the Kibana UI or the REST API or through the file [DATAFARI_HOME]/elk/elasticsearch/plugins/opendistro_security/securityconfig/internal_users.yml. Here is the official OpenDistro documentation concerning how to do with Kibana and the REST API: https://opendistro.github.io/for-elasticsearch-docs/docs/security/access-control/users-roles/#kibana
If you add new users with the file you will need to apply the changes by running the script [DATAFARI_HOME]/elk/elasticsearch/securityadmin_datafari.sh with the ‘datafari’ user. Also notice that the Datafari admin UI will only display the searchexpert and searchadmin users, not the other users you will create.
b. The roles
OpenDistro roles allow users to have read and/or write access to either index patterns, or tenants, or both.
...