Heroku Postgres credential permissions can be managed in data.heroku.com

Change effective on 21 November 2017

It is now possible to configure the permission level of a Postgres credential in data.heroku.com. Each credential can be configured to have no permissions, read-only permissions or read-write permissions. More custom permissions can also be set directly via pg:psql .

Credentials are available to non-legacy production plans running Postgres 9.6 or above. For more information, please see this Dev Center article.