It's certainly possible to do so, however I think you'd end up running into more problems than you solved. At the end of the day if you give someone a restricted account and they want to see some data then they'll just write a report and deploy it as apps. Or they will go into something like Oracle Alerts and write an alert that retrieves the data. And so on. If you have data that you feel is too sensitive for your developers to see then you should resolve the issue on the database by obfuscating that data. Be wary however that by doing so you run the risk of not being able to replicate production performance problems in that area in your dev environment due to the data being different (and hence possible different plans).