It was requested many times and in different form (including some requests in this tracker) to make it possible to have separate users' lists for different databases, including different SYSDBA's passwords and ability to store users' list inside database itself.
The solution should be based on already existing per-database configuration in aliases.conf. New config parameter SecurityDatabase is supposed to do that trick:
alias = /path/to/database.fdb
SecurityDatabase = alias_or_database_name