How to migrate opensearchDashboards.index from .kibana to .opensearch_dashboards

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):

OpenSearch v3.1 / AlmaLinux 9.6 / Safari

Describe the issue:

I would like to get rid of the .kibana naming on system indexes. So, as per the sample config, I tried these settings:

opensearchDashboards.index: ".opensearch_dashboards"
opensearchDashboards.configIndex: ".opensearch_dashboards_config"

I assumed that now whatever internal user is defined at opensearch.username should have sufficient permissions on .opensearch_dashboards* indexes in order for this to work. And indeed, checking the reserved kibana_server role, it seems that by default now, instead of giving permissions only for .kibana, it also does so for the .opensearch_dashboards counterparts, which is good.

However, when I restart OpenSearch Dashboards I get:

{"type":"log","@timestamp":"2025-08-21T11:41:34Z","tags":["warning","savedobjects-service"],"pid":814455,"message":"Unable to connect to OpenSearch. Error: security_exception: [security_exception] Reason: no permissions for [] and User [name=iteskibanauser, backend_roles=[], requestedTenant=null]"}

From the audit logs, I see:

{
  "audit_cluster_name": "mycluster",
  "audit_node_name": "mycluster-node",
  "audit_trace_task_id": "Vm_hXz7bTfWOhJucpgEfYg:20470857",
  "audit_transport_request_type": "IndicesAliasesRequest",
  "audit_category": "MISSING_PRIVILEGES",
  "audit_request_origin": "REST",
  "audit_node_id": "Vm_hXz7bTfWOhJucpgEfYg",
  "audit_request_layer": "TRANSPORT",
  "@timestamp": "2025-08-21T11:43:59.203+00:00",
  "audit_format_version": 4,
  "audit_request_remote_address": "::1",
  "audit_request_privilege": "indices:admin/aliases",
  "audit_node_host_address": "XXX.XXX.XXX.XX",
  "audit_request_effective_user": "iteskibanauser",
  "audit_node_host_name": "XXX.XXX.XXX.XX"
}

So, I created yet another security role, called server_workaround, that provides the indices:admin/aliases cluster permission and (just in case) the same index permission on * indexes. Still, the same security exception persists.

Then, just for testing, I mapped my iteskibanauser internal user to the all_access security role, to see if that would help, but it didn’t; I am still getting the same security exception.

FYI, these are the roles iteskibanauser has:

{
  "user_name" : "iteskibanauser",
  "is_reserved" : true,
  "is_hidden" : true,
  "is_internal_user" : true,
  "user_requested_tenant" : null,
  "backend_roles" : [ ],
  "custom_attribute_names" : [ ],
  "tenants" : {
    "global_tenant" : true,
    "iteskibanauser" : true
  },
  "roles" : [
    "readall_and_monitor",
    "server_workaround",
    "iteskibanauser_extra",
    "kibana_user",
    "security_rest_api_access",
    "all_access",
    "kibana_server"
  ]
}

And now I am out of ideas of how I could make this work. Please let me know if there is a simpler way or any secret permission I should provide.

If anyone reaches here, the solution was to add the .opensearch_dashboards alias to the .opensearch_dashboards_1 index.

curl -XPUT "https://localhost:9200/.opensearch_dashboards_1/_aliases/.opensearch_dashboards"

The problem is that, naturally, this now comes up empty, while all my objects are in .kibana_1 and .kibana_2. Not sure how the migration should go, or if it’s even possible. I tried reindexing kibana_* indexes into .opensearch_dashboards, but I still don’t see my old objects.

What is more, now whenever I try to create any object I get:

no permissions for [] and User [name=sokratis, backend_roles=[...], requestedTenant=null]
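
The "no permissions for []" message names no action, so the audit log is where the denied privilege shows up. The following is an added example, not part of the original posts: it pulls the user out of each Dashboards-side denial and lists that user's MISSING_PRIVILEGES audit events by privilege and request type. All sample records are constructed from the ones quoted above; `otheruser` and the function names are assumptions.

```python
import json
import re
from collections import Counter

# Constructed samples, modelled on the log records quoted in the thread.
DASHBOARDS_LOG = [
    '{"type":"log","tags":["warning","savedobjects-service"],"message":"Unable to connect to OpenSearch. Error: security_exception: [security_exception] Reason: no permissions for [] and User [name=iteskibanauser, backend_roles=[], requestedTenant=null]"}',
    "no permissions for [] and User [name=sokratis, backend_roles=[...], requestedTenant=null]",
    '{"type":"log","tags":["info"],"message":"Server running"}',
]
AUDIT_LOG = [
    {"audit_category": "MISSING_PRIVILEGES", "audit_request_effective_user": "iteskibanauser",
     "audit_request_privilege": "indices:admin/aliases",
     "audit_transport_request_type": "IndicesAliasesRequest"},
    {"audit_category": "AUTHENTICATED", "audit_request_effective_user": "iteskibanauser"},
    {"audit_category": "MISSING_PRIVILEGES", "audit_request_effective_user": "otheruser",
     "audit_request_privilege": "indices:data/read/search",
     "audit_transport_request_type": "SearchRequest"},
]

DENIED = re.compile(r"no permissions for \[[^\]]*\] and User \[name=([^,\]]+)")


def denied_users(log_lines):
    """Users named in 'no permissions for' messages (JSON log lines or raw text)."""
    users = set()
    for line in log_lines:
        try:
            msg = json.loads(line).get("message", "")
        except (json.JSONDecodeError, AttributeError):
            msg = line  # not a JSON log record: match against the raw line
        match = DENIED.search(msg)
        if match:
            users.add(match.group(1))
    return users


def missing_privileges(audit_events, users):
    """Count MISSING_PRIVILEGES audit events per (user, privilege, request type)."""
    counts = Counter()
    for event in audit_events:
        user = event.get("audit_request_effective_user")
        if event.get("audit_category") == "MISSING_PRIVILEGES" and user in users:
            counts[(user, event.get("audit_request_privilege"),
                    event.get("audit_transport_request_type"))] += 1
    return counts
```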