Access control on related collection querying.

[Nitrammets]

Let's say we have an Accounts collection and a Leaderboard global. Leaderboard has a field(array) members and each member has a relationTo: "accounts". Now when querying the leaderboard through REST and using the depth=1 query parameter with the intention of getting the accounts username instead of only the id, it only works if the Accounts root level access for read is open. What is the correct way of limiting the fields accessible through different related queries?