After the context switch, permissions are checked against the login and user security tokens for that account instead of the person calling the EXECUTE AS statement.