Good morning,
Please check my blog post about OBIEE security best practices at OBIEE security receommendations.
Small teaser:
Do not use the administrative account to present reports to the users and avoid providing it to users, there is high risk of breaking/deleting something by accident. Consider automating deployments to avoid having to deal with passwords manually.