Welcome to B 
B.
It is better to give Custom access level for the security to the user groups.(This is new feature in BOXI3.x versions)
You can deny the rights on WebIntelligence applications , then user can not access the universes.
More to know start from XI 3.0 Security for Mere Mortals
Arjun (BOB member since 2008-07-28)