Archive Mode¶
Introduced: v1.2 (PLAN-1606)
Archive Mode turns a Cesivi web (site) or list/library into a read-only audit surface. All write operations are rejected while the container is archived. Administrators can browse, search, and export content normally, but no data can be added, changed, or deleted.
Use cases¶
- Retire a project site while preserving it for compliance review.
- Lock a list after a data migration to prove it was not tampered with.
- Satisfy a legal-hold requirement that forbids modification without destroying the list.
How to enable Archive Mode¶
Via Cesivi ControlCenter¶
- Open Cesivi Control Center in your browser (default:
http://localhost:15020). - Click Archive in the top navigation bar.
- The page lists all webs and their lists with current archive state (Active / ARCHIVED).
- Click Archive next to the web or list you want to retire.
- Confirm the dialog. The state change is applied immediately and an audit entry is written.
Via REST API¶
Archive a web:
POST /_api/web/setarchivemode
Content-Type: application/json
Authorization: Basic <admin-credentials>
{ "archive_mode": true }
Archive a single list:
POST /_api/web/lists/getbytitle('MyList')/setarchivemode
Content-Type: application/json
Authorization: Basic <admin-credentials>
SPWebPath: RootWeb
{ "archive_mode": true }
Both endpoints require site administrator credentials. Non-admins receive 403 Forbidden.
What gets rejected¶
When archive_mode is true on a web or list, the following operations are blocked:
| Protocol | Blocked operations |
|---|---|
| REST | POST (create item/file), PATCH/MERGE (update), DELETE (delete item/list/file) |
| CSOM | ListItem.Update(), ListItem.DeleteObject(), List.Items.Add(), Web.Update() |
| SOAP | UpdateListItems (New/Update/Delete), DeleteList, AddList |
| OData batch | Any changeset write targeting an archived container |
Read operations are always permitted — GET /_api/web/lists/..., CSOM Load(), SOAP GetListItems all work normally.
Error envelopes¶
REST / OData:
{
"error": {
"code": "-2147024891, System.UnauthorizedAccessException",
"message": {
"lang": "en-US",
"value": "Web is archived (read-only). Use X-Cesivi-Archive-Override header with admin credentials to bypass."
}
}
}
403 Forbidden
CSOM:
{
"ErrorInfo": {
"ErrorMessage": "Web is archived (read-only).",
"ErrorCode": -2147024891,
"ErrorTypeName": "System.UnauthorizedAccessException"
}
}
-2147024891 (0x80070005) to ServerUnauthorizedAccessException.
SOAP:
<faultcode>0x80070005</faultcode>
<faultstring>Web is archived (read-only).</faultstring>
UI indicators¶
- Top banner: An amber bar
ARCHIVED — this site is read-only. Modifications are not permitted.appears at the top of every page when visiting an archived web. - NewForm / EditForm: An inline amber warning replaces the toolbar, and the Save button is disabled.
- List views (AllItems, etc.): The "New" toolbar button and bulk-edit ribbon are disabled.
Admin override¶
An administrator can bypass the archive gate for a single request by adding:
X-Cesivi-Archive-Override: true
to the HTTP request, in addition to admin credentials. The override is:
- Accepted only when the caller has IsSiteAdmin = true.
- Logged in the audit trail with "override": true.
- Not a persistent setting — each bypassed request needs the header.
Example:
POST /_api/web/lists/getbytitle('MyList')/items
X-Cesivi-Archive-Override: true
Authorization: Basic <admin-credentials>
Audit trail¶
Every archive state change is recorded in two audit systems:
1. Classic SP audit table (backwards-compat)¶
| Field | Value |
|---|---|
kind |
"archive_state_change" |
scope |
"web" or "list" |
web_path |
Server-relative URL of the web |
list_title |
List title (list-scope flips only) |
previous |
Previous archive_mode value |
next |
New archive_mode value |
override |
true if the admin-override header was present |
source_ip |
IP address of the caller |
Stored as SPAuditEventType.Custom (100), retrieved via:
GET /_api/web/GetAuditEntries
2. WORM audit log (v1.2+)¶
State flips are also published as ArchiveModeToggled envelopes to the durable WORM audit log. This entry is tamper-resistant and survives host restarts. See ARCHIVE_AUDIT.md for the full operator guide.
View in ControlCenter → Archive → Audit Log (filter by ArchiveModeToggled).
Unarchiving¶
Unarchiving restores full write access immediately. Use the same REST endpoints or ControlCenter toggle:
POST /_api/web/lists/getbytitle('MyList')/setarchivemode
{ "archive_mode": false }
Or in ControlCenter: click Unarchive next to the archived entry.
Scoping rules¶
- Web-level archive: rejects writes to ALL lists in that web, regardless of their individual
archive_modeflag. - List-level archive: rejects writes to ONLY that list; sibling lists in the same web remain writable.
- If both the web and a specific list are archived, unarchiving the web alone does not unarchive the list's own flag.
Troubleshooting¶
| Symptom | Cause | Fix |
|---|---|---|
| 403 on every write despite unarchiving | List has its own archive_mode=true flag |
Also unarchive the list via ControlCenter |
| Override header not working | Caller is not a site admin | Ensure credentials have IsSiteAdmin = true |
| Banner not showing | ArchiveModeMiddleware cache (30 s TTL) | Wait 30 seconds or cycle the server; the cache is per-request and expires quickly |
CSOM ServerUnauthorizedAccessException on write |
Error code 0x80070005 from archive gate | Check archive_mode on the target web/list |
| --- |
See also: Archive Admin Bundle — ControlCenter Quick Tour
See also: Archive Tools Operator Guide
See also: Tutorial G — SharePoint On-Premises Retirement Archive
See also: Cesivi Archive Variant A — Whitepaper
See also: Compliance Cookbook — HIPAA/GDPR/SOX/FRCP
See also: Archive Cluster Deployment Guide