You can hide Shop tab by modifying menu.ini.append.php for your admin siteaccess. However this will affect all users (setup tab will be hide for all) and will not disable shop functionality, you will need also set right permission. Other way is modify top_menu template for admin interface (not recommend due to future upgrades).
A few more details : In my opinion the cleanest way to remove the tab is to add / edit the following menu.ini.append.php file to your siteaccess settings files :
We did some work with Bjorn @ http://xrow.de where he provided a similar feature as your describe for a customer project.
I forget offhand just how it was implemented. It might have been as simple as adding custom logic to the admin menu template to control the display of menu items based on a user's role.
<i>Is is possible to hide unused modules from particular roles?</i>
eZ Publish uses what seems to me a closed approach to access control (a system of privileges). You can create roles that provide only limited access to modules or their functions, but I don't think you will be able to flexibly restrict a general policy in any other way than by replacing it with a set of detailed policies. Unfortunately, none of the above will affect the administration interface in any significant way.
On one hand, I would welcome such functionality. On the other, more and more roles can be practiced within the frontend interfaces, and that seems like a strong tendency...