As I mentioned, I was trying to hide all unsed entities by modifying the security roles. However, the users were not able to create new cases:-(
The SDK for Microsoft Dynamics CRM 2016 says that for creating Case (Incident) you need to have these:
Full list of what is required for creating records is here: https://msdn.microsoft.com/en-us/library/gg328108.aspx
However, this is not correct, because users were still not able to create opportunities.
The first error was:
<Message>Principal user (Id=, type=8) is missing prvReadEntitlement privilege (Id=0925bd85-61f1-485c-b34f-240504216bd1)</Message>
So I added the read privilege for Entitlement, even though we are not using them in our CRM.
Again I wish that things like these would be documented!
Happy CRM day,