The system you're describing for facebook (of which I have no prior knowledge) which makes it impossible to load data that you shouldn't have access to, should also make it impossible to impersonate another user, no? Wouldn't getting access to unauthorized data as a caller just be as simple as saying: "give me all of the posts as zuck"? where zuck is obviously just a root user of some sort.