Skip to content

Archive Mode

Introduced: v1.2 (PLAN-1606)

Archive Mode turns a Cesivi web (site) or list/library into a read-only audit surface. All write operations are rejected while the container is archived. Administrators can browse, search, and export content normally, but no data can be added, changed, or deleted.


Use cases

  • Retire a project site while preserving it for compliance review.
  • Lock a list after a data migration to prove it was not tampered with.
  • Satisfy a legal-hold requirement that forbids modification without destroying the list.

How to enable Archive Mode

Via Cesivi ControlCenter

  1. Open Cesivi Control Center in your browser (default: http://localhost:15020).
  2. Click Archive in the top navigation bar.
  3. The page lists all webs and their lists with current archive state (Active / ARCHIVED).
  4. Click Archive next to the web or list you want to retire.
  5. Confirm the dialog. The state change is applied immediately and an audit entry is written.

Via REST API

Archive a web:

POST /_api/web/setarchivemode
Content-Type: application/json
Authorization: Basic <admin-credentials>

{ "archive_mode": true }

Archive a single list:

POST /_api/web/lists/getbytitle('MyList')/setarchivemode
Content-Type: application/json
Authorization: Basic <admin-credentials>
SPWebPath: RootWeb

{ "archive_mode": true }

Both endpoints require site administrator credentials. Non-admins receive 403 Forbidden.


What gets rejected

When archive_mode is true on a web or list, the following operations are blocked:

Protocol Blocked operations
REST POST (create item/file), PATCH/MERGE (update), DELETE (delete item/list/file)
CSOM ListItem.Update(), ListItem.DeleteObject(), List.Items.Add(), Web.Update()
SOAP UpdateListItems (New/Update/Delete), DeleteList, AddList
OData batch Any changeset write targeting an archived container

Read operations are always permittedGET /_api/web/lists/..., CSOM Load(), SOAP GetListItems all work normally.

Error envelopes

REST / OData:

{
  "error": {
    "code": "-2147024891, System.UnauthorizedAccessException",
    "message": {
      "lang": "en-US",
      "value": "Web is archived (read-only). Use X-Cesivi-Archive-Override header with admin credentials to bypass."
    }
  }
}
HTTP status: 403 Forbidden

CSOM:

{
  "ErrorInfo": {
    "ErrorMessage": "Web is archived (read-only).",
    "ErrorCode": -2147024891,
    "ErrorTypeName": "System.UnauthorizedAccessException"
  }
}
The CSOM client runtime maps error code -2147024891 (0x80070005) to ServerUnauthorizedAccessException.

SOAP:

<faultcode>0x80070005</faultcode>
<faultstring>Web is archived (read-only).</faultstring>


UI indicators

  • Top banner: An amber bar ARCHIVED — this site is read-only. Modifications are not permitted. appears at the top of every page when visiting an archived web.
  • NewForm / EditForm: An inline amber warning replaces the toolbar, and the Save button is disabled.
  • List views (AllItems, etc.): The "New" toolbar button and bulk-edit ribbon are disabled.

Admin override

An administrator can bypass the archive gate for a single request by adding:

X-Cesivi-Archive-Override: true

to the HTTP request, in addition to admin credentials. The override is: - Accepted only when the caller has IsSiteAdmin = true. - Logged in the audit trail with "override": true. - Not a persistent setting — each bypassed request needs the header.

Example:

POST /_api/web/lists/getbytitle('MyList')/items
X-Cesivi-Archive-Override: true
Authorization: Basic <admin-credentials>


Audit trail

Every archive state change is recorded in two audit systems:

1. Classic SP audit table (backwards-compat)

Field Value
kind "archive_state_change"
scope "web" or "list"
web_path Server-relative URL of the web
list_title List title (list-scope flips only)
previous Previous archive_mode value
next New archive_mode value
override true if the admin-override header was present
source_ip IP address of the caller

Stored as SPAuditEventType.Custom (100), retrieved via:

GET /_api/web/GetAuditEntries

2. WORM audit log (v1.2+)

State flips are also published as ArchiveModeToggled envelopes to the durable WORM audit log. This entry is tamper-resistant and survives host restarts. See ARCHIVE_AUDIT.md for the full operator guide.

View in ControlCenter → ArchiveAudit Log (filter by ArchiveModeToggled).


Unarchiving

Unarchiving restores full write access immediately. Use the same REST endpoints or ControlCenter toggle:

POST /_api/web/lists/getbytitle('MyList')/setarchivemode
{ "archive_mode": false }

Or in ControlCenter: click Unarchive next to the archived entry.


Scoping rules

  • Web-level archive: rejects writes to ALL lists in that web, regardless of their individual archive_mode flag.
  • List-level archive: rejects writes to ONLY that list; sibling lists in the same web remain writable.
  • If both the web and a specific list are archived, unarchiving the web alone does not unarchive the list's own flag.

Troubleshooting

Symptom Cause Fix
403 on every write despite unarchiving List has its own archive_mode=true flag Also unarchive the list via ControlCenter
Override header not working Caller is not a site admin Ensure credentials have IsSiteAdmin = true
Banner not showing ArchiveModeMiddleware cache (30 s TTL) Wait 30 seconds or cycle the server; the cache is per-request and expires quickly
CSOM ServerUnauthorizedAccessException on write Error code 0x80070005 from archive gate Check archive_mode on the target web/list
---

See also: Archive Admin Bundle — ControlCenter Quick Tour

See also: Archive Tools Operator Guide

See also: Tutorial G — SharePoint On-Premises Retirement Archive

See also: Cesivi Archive Variant A — Whitepaper

See also: Compliance Cookbook — HIPAA/GDPR/SOX/FRCP

See also: Archive Cluster Deployment Guide