I'm not aware what "root login for oracle" means. Perhaps you mean to disable SSH login? In which case you can add "DenyUsers user1 user2 user3" in /etc/ssh/sshd_config and restart the ssh daemon using "service sshd restart"
You might want to keep in mind though that "su" will break X11 xauth authentication (ssh -X). Having to login as another user is another password layer, but does not necessarily give you more control who gets access. It depends on your password policies and the users maintaining them. It might be a good idea to be careful who receives the Oracle password. Not every access to Oracle requires the Oracle account password or SYSDBA access.