Correct HTTP status code when resource is available but not accessible because of permissions

Question

I am building a RESTful protocol for Dynamic Carpooling applications, for my Computer Science thesis.

In the Protocol I also have to formally specify the HTTP statu

Answer 1

To me I will use 400 Bad request.
Because my application will not go unaccessable resources in programmatically.
Filtering users permission and hide unaccessable resources is good user experience in my opinion. If my server got unaccessable request which means some person trying to do something.
That is why I choose 400 - Bad request in my applications.