If you need a "user-to-DB" map, that's more complicated than most people are talking about here.
With small usership though, it's not hard to produce. The API has NotesDatabase.QueryAccess, and you can build a list of people, then check on their accesses to each DB.
The bigger it gets, the more you'll need to cut into the number of people to check. There, you'll probably need to check -Default- & Anonymous settings to represent "everybody else".
And then you'd need to look up group entries from each DB's acl.
Groups are hard to expand-out, because there's not an API to expand them. However, you can do pretty well with one of the hidden "(LDAP)" views in the Address Book. Keep in mind, groups may not grant users access if you use "mail-only" and "deny-access" settings.