Sorry you feel you didn't get any good replies so far...
seemed to give a pretty straight forward and detailed answer on how to set those permissions, may I ask what's unclear about user-role permissions?
The drop custom module builder+instant add content can't be done because its by design, as Josh
Work flows by design, are defined on a permission level, not person level as the documentation cleary states:
When you click Reject publishing, the system returns the content item or page for editing on the previous level. All users with the proper permissions can edit the item.
The first can be done and is explained, number 2 and 3 can't be done because of the way Sitefinity is designed.
So forgive me for asking, but can you perhaps elaborate on what doubts you still have?