Storage-based authorization
Hive supports doAs=true plus storage-based authorization that enables security at Hive Metastore API level.
This mode does not involve any additional enforcement at SQL level (in HiveServer2). Customer applications often use this mode when they do not require fine grained access control at column or row level. In this mode, the files are typically owned by the end user. The queries run as end user using doAs=true, and permissions are provided to end-user to access the files directly, since HDFS permissions are set appropriately.
When Hive replication is performed with this mode, the file permissions need to be preserved in target cluster as well, so that the end user shall continue to access the replicated data files based on appropriate permissions.