There are two special powerful privileges, called SYSDBA and SYSOPER. An user with SYSDBA privilege will have access to the database at all times, as connecting as sysdba doesn't query the normal datadictionary. There definitely are situations where this can be handy. One of them occurred to me last Friday. For some reason the number of roles exceeded max_enabled_roles. One of those roles was DBA, but I couldn't login at all, because of the ORA-1925 error, I couldn't even use svrmgr. SYSDBA privilege acts much like the internal user. Now to the implementation, dependent on the value of remote_login_password_file in init<sid>.ora.
1 value NONE, the SYSDBA and SYSOPER privilege are disabled, internal account will have SYSDBA priv (by design)
2 value SHARED, granting SYSDBA to internal and SYS is possible, both users are stored in the password file
3 value EXCLUSIVE, any user can be granted SYSDBA and/or SYSOPER, and will be stored in the password file.

Note: Oracle has announced they will desupport the internal mechanism in the future. In order to be able to work as internal you will need an user with SYSDBA privilege.

Hth,

Sybrand Bakker, Oracle DBA