How to Manage OpenSearch Users

Validated on 21 Jan 2025 • Last edited on 17 Jun 2025

OpenSearch is an open-source search and analytics suite which serves as a centralized location to manage logs forwarded from other resources, such as databases and Droplets.

OpenSearch database clusters come configured with a default administrative user (doadmin). The doadmin user is necessary for cluster replication and administration, so you can’t delete it, but you can add additional users and modify their privileges individually.

By default, every database cluster is publicly accessible. To limit access, you can add trusted sources.

You can also manage OpenSearch users by creating access control lists (ACLs) with the API.

Tip
If you connect to the database cluster with preconfigured connection details from the cluster’s Overview page, you can edit them to use a different user and password or a different database.

You can currently only manage OpenSearch users via the API or CLI.

Create or Delete a Database User Using the CLI

How to Create a Database User Using the DigitalOcean CLI
  1. Install doctl, the official DigitalOcean CLI.
  2. Create a personal access token and save it for use with doctl.
  3. Use the token to grant doctl access to your DigitalOcean account. 
    doctl auth init
  4. Finally, run doctl databases user create. Basic usage looks like this, but you can read the usage docs for more details: 
    doctl databases user create <database-cluster-id> <user-name> [flags]
    The following example creates a new user with the username example-user for a database cluster with the ID ca9f591d-f38h-5555-a0ef-1c02d1d1e35: 
    doctl databases user create ca9f591d-f38h-5555-a0ef-1c02d1d1e35 example-user
How to Delete a Database User Using the DigitalOcean CLI
  1. Install doctl, the official DigitalOcean CLI.
  2. Create a personal access token and save it for use with doctl.
  3. Use the token to grant doctl access to your DigitalOcean account. 
    doctl auth init
  4. Finally, run doctl databases user delete. Basic usage looks like this, but you can read the usage docs for more details: 
    doctl databases user delete <database-cluster-id> <user-id> [flags]
    The following example deletes the user with the username example-user for a database cluster with the ID ca9f591d-f38h-5555-a0ef-1c02d1d1e35: 
    doctl databases user delete ca9f591d-f38h-5555-a0ef-1c02d1d1e35 example-user

Create, Update, or Delete a Database User Using the API

How to Create a Database User Using the DigitalOcean API
  1. Create a personal access token and save it for use with the API.
  2. Send a POST request to https://api.digitalocean.com/v2/databases/{database_cluster_uuid}/users.

cURL

Using cURL:

curl -X POST \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
  -d '{"name": "app-01"}' \
  "https://api.digitalocean.com/v2/databases/9cc10173-e9ea-4176-9dbc-a4cee4c4ff30/users"

Go

Using Godo, the official DigitalOcean API client for Go:

import (
    "context"
    "os"

    "github.com/digitalocean/godo"
)

func main() {
    token := os.Getenv("DIGITALOCEAN_TOKEN")

    client := godo.NewFromToken(token)
    ctx := context.TODO()

    addUserRequest := &godo.DatabaseCreateUserRequest{
        Name: "app-01",
    }

    user, _, err := client.Databases.CreateUser(ctx, "88055188-9e54-4f21-ab11-8a918ed79ee2", addUserRequest)

}

Python

Using PyDo, the official DigitalOcean API client for Python:

import os
from pydo import Client

client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN"))

add_user_resp = client.databases.add_user(database_cluster_uuid="ab7bb7a", body={"name": "app-01"})
How to Update a Database User Using the DigitalOcean API
  1. Create a personal access token and save it for use with the API.
  2. Send a PUT request to https://api.digitalocean.com/v2/databases/{database_cluster_uuid}/users/{username}.

cURL

Using cURL:

curl -X PUT \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
  -d '{"settings": {"acl": [{"topic": "events", "permission": "produce"}]}}' \
  "https://api.digitalocean.com/v2/databases/9cc10173-e9ea-4176-9dbc-a4cee4c4ff30/users"

Go

Using Godo, the official DigitalOcean API client for Go:

import (
    "context"
    "os"

    "github.com/digitalocean/godo"
)

func main() {
    token := os.Getenv("DIGITALOCEAN_TOKEN")

    client := godo.NewFromToken(token)
    ctx := context.TODO()
    userName := "test-user"

    updateUserRequest := &godo.DatabaseUpdateUserRequest{
      Settings: {
        ACL: [
          {
            Permssion: "consume",
            Topic: "events",
          }
          {
            Permission: "produce",
            Topic: "metrics",
          }
        ]
      }
    }

    user, _, err := client.Databases.UpdateUser(ctx, "88055188-9e54-4f21-ab11-8a918ed79ee2", userName, updateUserRequest)
}
How to Delete a Database User Using the DigitalOcean API
  1. Create a personal access token and save it for use with the API.
  2. Send a DELETE request to https://api.digitalocean.com/v2/databases/{database_cluster_uuid}/users/{username}.

cURL

Using cURL:

curl -X DELETE \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
  "https://api.digitalocean.com/v2/databases/9cc10173-e9ea-4176-9dbc-a4cee4c4ff30/users/app-01"

Go

Using Godo, the official DigitalOcean API client for Go:

import (
    "context"
    "os"

    "github.com/digitalocean/godo"
)

func main() {
    token := os.Getenv("DIGITALOCEAN_TOKEN")

    client := godo.NewFromToken(token)
    ctx := context.TODO()

    _, err := client.Databases.DeleteUser(ctx, "9cc10173-e9ea-4176-9dbc-a4cee4c4ff30", "app-01")
}

Python

Using PyDo, the official DigitalOcean API client for Python:

import os
from pydo import Client

client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN"))

delete_resp = client.databases.delete_user(database_cluster_uuid="aba134a", username="backend_user1")

We can't find any results for your search.

Try using different keywords or simplifying your search terms.