Yes, this is the current expected behavior. The security admin tool re-initializes the .opendistro_security index based on filter types (roles, users, role-mapping or all). By default, if you do not provide any filter, it will re-configure the entire .opendistro_security index from the .yml config files.
If you want to avoid losing your pre-configured roles, users and role-mapping, you should download the current configuration using the security admin tool and then make the required changes to that configuration before using the above command to upload it back.
To download existing configuration:
sudo sh securityadmin.sh -r -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key /etc/elasticsearch/kirk-key.pem
This will dump the active configuration from your cluster to individual files (like roles.yml, internal_users.yml etc.) in the current working directory. You can then modify these files and upload them back using the command below.
sudo sh securityadmin.sh -cd ./ -icl -nhnv -cacert /etc/elasticsearch/root-ca.pem -cert /etc/elasticsearch/kirk.pem -key
I hope this will help!
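A pre-upload check for the download, edit and upload procedure in the answer above, as an added example that is not part of the original post or of the security plugin: it lists the users, roles or mappings that exist in a dumped file but are missing from the edited copy, which is what an upload would remove. It assumes entries are unindented top-level YAML keys with `_meta` as the only non-entry key; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of securityadmin.sh. Assumption: entries in the
# security config files (internal_users.yml, roles.yml, ...) are unindented
# top-level YAML keys, and _meta is the only top-level key that is not an entry.

# Print the sorted top-level entry names of one config file.
top_level_keys() {
    sed -n 's/^\([^[:space:]#][^:]*\):.*$/\1/p' "$1" | grep -v '^_meta$' | sort -u
}

# Print entries that exist in the dumped (live) file $1 but not in the
# edited file $2; uploading $2 would remove them from the security index.
dropped_entries() {
    live_keys=$(mktemp); new_keys=$(mktemp)
    top_level_keys "$1" > "$live_keys"
    top_level_keys "$2" > "$new_keys"
    comm -23 "$live_keys" "$new_keys"
    rm -f "$live_keys" "$new_keys"
}

# Report dropped entries for one file pair. Returns 1 if any would be lost.
check_pair() {
    lost=$(dropped_entries "$1" "$2")
    [ -z "$lost" ] && return 0
    echo "entries in $1 that uploading $2 would drop:"
    echo "$lost" | sed 's/^/  /'
    return 1
}

# Constructed sample data: a dump holding user "alice" and an edited copy
# that no longer contains her. Writes both under directory $1.
write_sample() {
    mkdir -p "$1/dump" "$1/upload"
    printf '_meta:\n  type: "internalusers"\nadmin:\n  hash: "x"\nalice:\n  hash: "y"\n' \
        > "$1/dump/internal_users.yml"
    printf '_meta:\n  type: "internalusers"\nadmin:\n  hash: "x"\n' \
        > "$1/upload/internal_users.yml"
}

# Usage: sh check_dropped.sh <dumped_file> <edited_file>
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

Run it once per file pair before uploading; a non-zero exit status means the edited file is missing entries that the cluster currently has.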