I assume you are familiar with accessControl standard filter. It allows you to separate privileges to run some action from action code itself. There is however one problem with most common usage - you cannot use bizRules, at least based on some parameters passed to 'checkAccess' just because it is hard to pass them in accessRules() result.
When building PHP web applications you usually have to take care about defining and providing a consistent development and production environment for your team. This includes your application packages, PHP-extensions, database servers and often further components such as a mail server or workers.