docs: add RBAC docs and other chores (#3313)

docs/en/enterprise/features/rbac.mdx

@@ -0,0 +1,103 @@
+---
+title: "Role-Based Access Control (RBAC)"
+description: "Control access to crews, tools, and data with roles, scopes, and granular permissions."
+icon: "shield"
+---
+
+## Overview
+
+RBAC in CrewAI Enterprise enables secure, scalable access management through a combination of organization‑level roles and automation‑level visibility controls.
+
+<Frame>
+  <img src="/images/enterprise/users_and_roles.png" alt="RBAC overview in CrewAI Enterprise" />
+  
+</Frame>
+
+## Users and Roles
+
+Each member in your CrewAI workspace is assigned a role, which determines their access across various features. 
+
+You can:
+
+- Use predefined roles (Owner, Member)
+- Create custom roles tailored to specific permissions
+- Assign roles at any time through the settings panel
+
+You can configure users and roles in Settings → Roles.
+
+<Steps>
+  <Step title="Open Roles settings">
+    Go to <b>Settings → Roles</b> in CrewAI Enterprise.
+  </Step>
+  <Step title="Choose a role type">
+    Use a predefined role (<b>Owner</b>, <b>Member</b>) or click <b>Create role</b> to define a custom one.
+  </Step>
+  <Step title="Assign to members">
+    Select users and assign the role. You can change this anytime.
+  </Step>
+</Steps>
+
+### Configuration summary
+
+| Area | Where to configure | Options |
+|:---|:---|:---|
+| Users & Roles | Settings → Roles | Predefined: Owner, Member; Custom roles |
+| Automation visibility | Automation → Settings → Visibility | Private; Whitelist users/roles |
+
+## Automation‑level Access Control
+
+In addition to organization‑wide roles, CrewAI Automations support fine‑grained visibility settings that let you restrict access to specific automations by user or role.
+
+This is useful for:
+
+- Keeping sensitive or experimental automations private
+- Managing visibility across large teams or external collaborators
+- Testing automations in isolated contexts
+
+Deployments can be configured as private, meaning only whitelisted users and roles will be able to:
+
+- View the deployment
+- Run it or interact with its API
+- Access its logs, metrics, and settings
+
+The organization owner always has access, regardless of visibility settings.
+
+You can configure automation‑level access control in Automation → Settings → Visibility tab.
+
+<Steps>
+  <Step title="Open Visibility tab">
+    Navigate to <b>Automation → Settings → Visibility</b>.
+  </Step>
+  <Step title="Set visibility">
+    Choose <b>Private</b> to restrict access. The organization owner always retains access.
+  </Step>
+  <Step title="Whitelist access">
+    Add specific users and roles allowed to view, run, and access logs/metrics/settings.
+  </Step>
+  <Step title="Save and verify">
+    Save changes, then confirm that non‑whitelisted users cannot view or run the automation.
+  </Step>
+</Steps>
+
+### Private visibility: access outcomes
+
+| Action | Owner | Whitelisted user/role | Not whitelisted |
+|:---|:---|:---|:---|
+| View automation | ✓ | ✓ | ✗ |
+| Run automation/API | ✓ | ✓ | ✗ |
+| Access logs/metrics/settings | ✓ | ✓ | ✗ |
+
+<Tip>
+The organization owner always has access. In private mode, only whitelisted users and roles can view, run, and access logs/metrics/settings.
+</Tip>
+
+<Frame>
+  <img src="/images/enterprise/visibility.png" alt="Automation Visibility settings in CrewAI Enterprise" />
+  
+</Frame>
+
+<Card title="Need Help?" icon="headset" href="mailto:support@crewai.com">
+  Contact our support team for assistance with RBAC questions.
+</Card>
+
+