Question Two: DB access

Since I'm used to the MySQL security paradigm/model, I'm having a little
difficulty understanding the security with pgsql.

I noticed that once a db is created, any user able to log in to the server
can create tables within a database.  The docs indicate that I can create a
file containing username:[password] combos to allow only listed users
access to a database, but apparently it's a one file/one database scheme.

         "To restrict the set of users that are allowed to connect to certain
         databases, list the set of users in a separate file (one user name
per
         line) in the same directory that pg_hba.conf is in, and mention
the (base)
         name of the file after the password or crypt keyword,
respectively, in
         pg_hba.conf. If you do not use this feature, then any user that is
known
         to the database system can connect to any database (so long as he
         passes password authentication, of course). "

If I want to allow users access to only their databases, do I create a
separate file for each database, and then include the allowed users in that
file?  I'm really after by-database security, as opposed to by-table so it
doesn't appear that using groups would help.

The question then arises:  Do I then need to add a separate line in
pg_hba.conf for each database under this kind of control?

Thanks