Open
Description
9.3.0 will introduce a new feature in Fleet that allows the user to remove root privilege from Fleet-managed Elastic Agents, i.e. switch from privileged to unprivileged mode.
This feature is one way only (it cannot be used to grant root privilege) and is limited as follows:
- The Elastic Agent must be on version 9.3.0 or higher.
- The Elastic Agent must not be assigned to an agent policy that contains integrations that require root privilege (e.g. System).
- The Elastic Agent must not be a Fleet Server agent.
Root privilege can be removed through the API:
- Single agent: `POST /api/fleet/agent/{agent_id}/privilege_level_change`
- Multiple agents: `POST /api/fleet/agents/bulk_privilege_level_change`
Or the UI (cf. screenshots in elastic/kibana#237790).
Resources
- Main dev issue: Handle new action for switching Agent from privileged to unprivileged mode elastic-agent#4973
- Fleet API PR:
- Fleet UI PR: [Fleet] Agent privilege level change UI kibana#237790
Collaboration
The documentation team will investigate the issue and create the initial content.
Point of contact.
Main contact: @jillguyonnet
Stakeholders: @elastic/fleet