
APEX custom database authentication


Currently I am using database accounts as my authentication schema and as a result anyone with a valid database account may log in. I would like this to be more restrictive. All my users have a prefix in their user account names which specifies the group they belong to. An example would be dev_john, qa_cindy, etc. I would only like a specific group with a certain prefix in their username to be able to log in. Database accounts seems to just allow all. I see there is a custom auth, but I am unsure how to get database users from here.


Solution

  • I think the problem with this would be how to check the Oracle users' passwords from within your custom authentication function. Hopefully there is no way you can find out their passwords to check them, so how can you establish they typed the correct password? Maybe there is a way, I don't know.

    However, perhaps more appropriate for this rule would be an authorization scheme. The user can log in, but if their username fails your authorization scheme test, they can't access the application. The test would be a PL/SQL expression like:

    :APP_USER like 'QA%' or :APP_USER like 'TEST%'
    

    When user DEV_JOHN logs in, the login succeeds but all they get is a page saying e.g.

    Only QA and TEST users are allowed to access this system.
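
An added example, not part of the original answer: the same prefix rule written as a stored function that an authorization scheme of type "PL/SQL Function Returning Boolean" can call. The function name `is_allowed_group` and the prefix list are assumptions; the check compares the prefix plus a literal underscore, because `_` is a single-character wildcard in `LIKE`.

```sql
-- Hypothetical helper (not from the original post): returns TRUE only when
-- the username starts with an allowed group prefix followed by a literal '_'.
create or replace function is_allowed_group (
    p_username in varchar2
) return boolean
is
    -- Constructed list of permitted group prefixes (assumption).
    l_prefixes constant sys.odcivarchar2list :=
        sys.odcivarchar2list('QA', 'TEST');
    -- Normalise case so qa_cindy and QA_CINDY are treated alike.
    l_user varchar2(255) := upper(trim(p_username));
begin
    -- Deny by default when no username is present (e.g. public session).
    if l_user is null then
        return false;
    end if;

    for i in 1 .. l_prefixes.count loop
        -- SUBSTR comparison avoids LIKE wildcards entirely.
        if substr(l_user, 1, length(l_prefixes(i)) + 1) = l_prefixes(i) || '_' then
            return true;
        end if;
    end loop;

    return false;
end is_allowed_group;
/

-- Authorization scheme body (type: PL/SQL Function Returning Boolean):
--     return is_allowed_group(:APP_USER);

-- Quick check against constructed usernames; run with SERVEROUTPUT on.
declare
    l_names constant sys.odcivarchar2list :=
        sys.odcivarchar2list('qa_cindy', 'dev_john', 'TEST_ANN', 'QAMANAGER');
begin
    for i in 1 .. l_names.count loop
        dbms_output.put_line(
            rpad(l_names(i), 12) ||
            case when is_allowed_group(l_names(i)) then 'allowed' else 'denied' end);
    end loop;
end;
/
```

Attach the scheme at application level so every page is covered, and put the "Only QA and TEST users are allowed" text in the scheme's error message.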