Hi Zeeshan,
still, depending on your scenario in general this is controlled via an authorization object CRM_ISA_SP. This gets checked against an "authorization group" that you can configure for your shop in the shopadmin application on tab "general infromation" block "authorizations". If this value is present in the config the log in process checks the value in the authorization object (which is part of the users role) against the value in the authorization group and allows or disallows access to the particular shop.
Challenge is that the reference user that you create the user from can have only one authorization group, so you need to do some custom coding in the registration process in case you want to have overlaps of users, i.e., have some users access more than one of your shops.
here a link that refers to CRM 5: http://help.sap.com/saphelp_crm50/helpdata/en/a8/abf837aea75351e10000009b38f8cf/frameset.htm
Also have a look into the help provided by the shopadmin app for the field referenced above.
Hope this helps
Rgds
Thomas