DatabaseAccessRolProtection
One of the most frequent requirement is to allow users to connect through developer or reports, but not directly using other tool, this is the solution.
1) You create roles password protected.
create role prueba identified by test;
2) Assign the role to your users disabled.
GRANT prueba TO CTB;
ALTER USER CTB DEFAULT ROLE ALL EXCEPT prueba;
3) Then you enabled it in the application, in PRE-FORMS
In forms
DBMS_SESSION.SET_ROLE( 'prueba identified by test') );
On reports
there is a role_name property in your report, the benefit (or disadvantage) of setting in the report, is that the report becomes password protected.
You too can use sent it as a parameter
ADD_PARAMETER( Pal_Report, 'ROLE', TEXT_PARAMETER, 'PRUEBA/TEST' );
4) If you don't have an encrypted transmission, you can enable the role on the database logon trigger