A trusted user, a permanent proxy user, a proxy role, and a proxy profile in a GRANT CONNECT THROUGH statement cannot belong to a secure zone in a Trusted Sessions configuration.
Application proxy users can access objects in a zone if you grant both zone access and the required discretionary access control privileges on the zone objects to the specified proxy role.