Can KeyCloak be used for managing permissons of external OIDC users?

Forgive me if this information is easily found somewhere already, I’m not quite sure how to phrase my search terms.

I’m developing a web application in which users won’t explicitly register accounts with us but can authenticate using an existing 3rd party OIDC provider (e.g. ORCID). Some of these users we would like to assign certain view/edit permissions to, but most we will not. We don’t want users to have to go through a registration flow, and will just get their display name, url etc from the OIDC provider. We’re also not interested in inserting authenticated user details in our database unless the user has been assigned a role or explicitly added content (e.g. left a comment).

Is KeyCloak appropriate for this kind of task? Are there any specific documentation pages that detail how to do this kind of configuration?

Thanks