There are scenarios when you work with DVCS (like Mercurial or Git) and CDbMessageSource. To my experience keeping the development database and production database in sync can be very time consuming. Plus, when working in a team, you never know when the database was updated.
I assume you are familiar with accessControl standard filter. It allows you to separate privileges to run some action from action code itself. There is however one problem with most common usage - you cannot use bizRules, at least based on some parameters passed to 'checkAccess' just because it is hard to pass them in accessRules() result.
If you want to give extra attention for some specific delete actions and you don't want to override whole yii.confirm JS method here is what you can do:
(I've only put the ActionColumn part of the GridView here to just give you the idea)
I found a standard Yii app's protected folder structure nearly perfect. With a few simple moves and a little bit change to the code, I managed to bring it to the level, which I found as fully perfect. I want to share my point of view, in case someone would like to use this structure as well.