Sharing, but with constraints

I’m part a group of approx. 100 people that share documents. There is a small core group of people (5 or so) that actually adds contents, the rest (approx. 100) just shares. We currently use Resilio Sync (btsync) but we’re considering to migrate to SyncThing.

There is, however, a constraint: membership needs to be controlled. New participants must be approved by the core group, and it must be possible to remove/disallow group members when necessary. This is not possible with Resilio Sync.

It seems that this is also not possible with SyncThing. As I understand it, with SyncThing any participant can add new participants and removing a participant must be done manually on all nodes.

Or maybe there are other means to obtain the desired functionality?

Adding a new device requires approving it on the other side as well. So for a new device to be able to sync with a central server it must be approved on the central server, to which you can control access.

However, it’s possible for someone to add another device that syncs with their laptop or whatever. This you can’t restrict. (And if you could, you’d have to run a pretty locked down environment for it to make sense - to protect against them adding the files to a Dropbox account, USB stick, uploading them to a website, etc. At that point I don’t think Syncthing is the appropriate solution to begin with.)

How would this look, in your ideal scenario?