Use Justin Tadlock’s plugin “Members“. It gives you the ability to create new roles and edit existing roles, as well as add custom capabilities. All that work that you’d have to do can be taken down to a few clicks.
I know you said in your comment on ZaMoose’s answer that you are ‘looking to write the functionality myself so I have full control over everything.’ That’s missing the whole point of open source software. Justin Tadlock released his plugin so you could use it precisely so you WOULD have complete control over everything.
If you really really want to reinvent the wheel, potentially wasting hundreds of hours of your own time I can’t stop you, but you could at least save yourself the trouble and use Tadlock’s plugin to learn how to do what you want.
Once you have a plugin that does what you want, you’ll need to change the 'map_meta_cap' flag to true and the 'capability_type' flag in your post type registration function so that it says something other than ‘post’, ‘page’, or any other ‘reserved’ type. Then, duplicate all the capabilities related to posts (e.g. edit_posts, edit_others_posts, publish_posts, etc.), using your capability type instead of posts. Make sure to assign all these permissions to administrators (you won’t be able to see the post type until you do this), then create your role, mimicking the ‘contributor’ role’s abilities for your post type.
For example, say your capability type was foobars, you would want to give ‘shop owners’ the edit_foobars, delete_foobars, and read capabilities. That way they can create their own draft foobars, and delete those drafts, but because they don’t have publish_foobars capabilities, they have to submit them for approval. Because they don’t have edit_published_foobars, all modifications to an approved foobar have to be approved.