Hi @shunp,
Welcome to the community 
For upgradeable smart contracts you should use OpenZeppelin Contracts Ethereum Package.
from OpenZeppelin Contracts Ethereum Package: https://github.com/OpenZeppelin/openzeppelin-contracts-ethereum-package#differences-with-openzeppelin-contracts
This package contains the same contracts as the vanilla OpenZeppelin Contracts, but modified for use with upgradeable contracts. The main difference is that all contracts in this package are potentially upgradeable : you will notice that no contracts have constructors defined, but use initializer functions instead. Also, this package is set up as an Ethereum package, and provides a small set of pre-deployed logic contracts that can be used directly via the OpenZeppelin SDK, without needing to deploy them again.
All contracts have an
UpgradeSafesuffix to avoid confusion with their counterparts in OpenZeppelin Contracts. For example,ERC20becomesERC20UpgradeSafe.All in all, you should use this package instead of @openzeppelin/contracts if you are creating upgradeable contracts .
I created an example of using Ownable in an upgradeable contract to a recent question:
I also recommend looking at Role-Based Access Control for more finely grained access control.