Couple of quick statements to identify potentially problem users during an upgrade or patch:
select grantee from dba_sys_privs where privilege = 'RESTRICTED SESSION'
Some of the results will be roles... for example, the dba role will be in that result set.
You'll need to track down who has the dba role as well:
select grantee from dba_role_privs where granted_role = 'DBA';