[Feature Request] Add option to turn off possibility of archiving for project members

[danymat]

Hello,

Right now, we see that all person as project members in a project can archive it.
However, we think it can be a process issue as it means that everyone on the pentest can archive the project and we want to restrict archiving and unarchiving only to global archivers.

Would it be possible to consider an option to let only global archivers to archive/unarchive like:

PROJECT_MEMBER_CAN_ARCHIVE_PROJECTS=false

This could do one of those:

1. Do not let Project Members be used as archive/unarchive person
2. Let them be used as archive/unarchive person but they can't trigger the archiving by themselves.

What is your point of view regarding this option ?

[aronmolnar]

We can implement this and we suggest the following implementation details:

If this option is set, only archiving users are allowed to archive projects and restore projects. This means that encryption happens with fewer encryption keys and it will be more difficult to keep up the quorum for restoring projects (this could lead to availability problems).

If a user is project member and at the same time an archiving user, the user will still have the permission to archive and restore projects.

This cannot be applied to already archived projects. If this system is necessary to be applied to already-archived projects, they must be restored and rearchived after the option was set.

[MWedl]

Implemented setting PROJECT_MEMBERS_CAN_ARCHIVE_PROJECTS (enabled by default) in https://github.com/Syslifters/sysreptor/releases/tag/2025.12

[danymat]

Thanks, will try it out !