By default, all users who can create incidents will also be able to define new incident types and subtypes. In an organization with a fixed incident taxonomy, this functionality may be deemed to fall within a very narrow user scope. If an organization wishes to pre-populate this incident type and subtype list, then set the property %AGILIANCE_HOME%config in the agiliance.properties file to limit new incident type definition to those with Incident Manage permissions: allow.incident.type.subtype.creation.toIncidentManagePermissionOnly=true, reload the configuration in the RiskVision Administration > Commands page.