diff --git a/roles/openshift/project/templates/appowners.yml b/roles/openshift/project/templates/appowners.yml
index f2b0667853..d7d685635f 100644
--- a/roles/openshift/project/templates/appowners.yml
+++ b/roles/openshift/project/templates/appowners.yml
@@ -5,6 +5,10 @@ metadata:
   name: appowners
 roleRef:
   name: appowner
+{% if env == "staging" %}
+  # See note in role-appowners.yml
+  namespace: "{{app}}"
+{% endif %}
 userNames:
 {% for owner in appowners %}
 - {{ owner }}
diff --git a/roles/openshift/project/templates/role-appowners.yml b/roles/openshift/project/templates/role-appowners.yml
index d8d3b5c499..8db4990a8f 100644
--- a/roles/openshift/project/templates/role-appowners.yml
+++ b/roles/openshift/project/templates/role-appowners.yml
@@ -1,11 +1,16 @@
 apiVersion: v1
+{% if env == "staging" %}
+kind: Role
+{% else %}
 # Namespace-local roles did not work until openshift 3.6
 # https://github.com/openshift/origin/issues/14078
 kind: ClusterRole
+{% endif %}
 metadata:
   annotations:
     openshift.io/description: An application owner. Can view everything but ConfigMaps.
   name: appowner
+  namespace: "{{ app }}"
 rules:
 - apiGroups:
   - ""