Add to your /etc/sudoers something like
tom ALL=(oracle) ALLThen user tom should be able to use sudo to run things as user oracle with the -u option, without letting tom
I.e. getting a shell as user oracle (well, given that your sudo is new enough to have the -i option).
sudo -u oracle -i