[keycloak-user] Clients purely for namespacing, makes sense?

Hi, looking for a little advise. I have a typical SPA front end and REST API. Each customer can have multiple users with different roles like admin or user. It's conceivable for a single user to belong to two different customer accounts. Because a single user could be an admin to account A and only a user in account B, I thought of using Keycloak clients for namespacing the roles. I would create a disabled client for each account purely to namespace the roles. Make sense? I believe I would continue to use a single public client for the SPA and single bearer only client for the API resource server. I've read that keycloak has issues with large numbers of clients, but I only expect to reach a few hundred.