Keepass has two levels of access control: "you can access this database" and "you can't". You can use a single database per access group, but once you go beyond two or three groups that's infeasible. You really need a system with a highly granular ACL built-in.
