I must admit I have a similar issue - see here for my initial post: Suggested strategy for sharing objects between users
My approach at the moment is to change the ACL on all the user’s objects (i.e. posts in your use case), which is not ideal as I have the same problem that you had identified, updating 1000 objects is a pain!