Root can do anything. If some other user has root access, then they can do whatever you can.
As for standard users, chown the file (owner.group) to whatever user it want...
chown oracle.oracle this_file
Then, chmod the file to owner only permission...
chmod 0600 this_file
That way, only the user oracle (or root) can read/write that file.
I'm pretty sure the second scenario isn't possible... If somebody has read permission for a file, then they can read the whole file.