To support namespace impersonation we added feature to take namespace principal and keytab during namespace creation. These information are stored in NamespaceMeta in NamespaceStore.
To support app/stream/dataset level impersonation (
CDAP-8110) we added a separate store called OwnerStore which store the owner principal of the entities. If a direct owner of a app/dataset/stream is not present we look up namespace meta to get the namespace owner if one was specified.
It will be better to store the namespace owner principal in the OwnerStore rather than in namespace store.
Note: This also need an upgrade step to migrate all the existing namespace meta which has owner to owner store.