You have to use $params[‘yourKey’] in the bizRule.
See the documentation using-business-rules.
//$params["post"] is a user object (f.e. owner)
$bizRule='return Yii::app()->user->id==$params["post"]->authID;';
$task=$auth->createTask('updateOwnPost','update a post by author himself',$bizRule);
//checkAccess with the param 'post':
Yii::app()->user->checkAccess('updateOwnPost',array('post'=>$owner))
In your case you can use in the bizRule: $params[‘id’],$params[‘user_id’]…