Postgresql and Authenticated keycloak user

In a Keycloak that manages its own users, how should I configure users to be given specific Postgresql user role? The postgresql version 11 uses kerberos to authentcate its user/role. Each Postgresql role have access to specific database/tables.

E.g. userA, userB, userC when authenticated, will access postgresql as role sales.
userX, userY, userz when authenticated, will access postgresql as role finance.

The reason is, a web application will authenticate its users via Keycloak. The application itself, when making database calls, must rely on specific roles based on user login.

How is this possible with Keycloak?

I am guessing clients are the way to go. Once users have authenticated, there has to be a way where users can access postgresql database as specific roles, setup in the Client.
Still looking forward to how Keycloak can be used.