There are now two access levels for collaborators on Heroku apps:
- Full edit access, which allows access to everything: editing code, importing or exporting the database, changing the settings, etc.
- View-only access, which allows the user to view the app only. That is, they can visit the app url (myapp.heroku.com) but not any of the settings pages or the edit url (edit.myapp.heroku.com).
For example, a client who wants to use the app but neither needs nor wants access to the code could be set as a view-only user.
If your app sharing is set to public, the view-only access level has no use.
Do note that these settings have no effect on users changing your app’s data through the normal web front-end. For example, if you have a scaffold page that doesn’t perform any authentication, a view-only user can create, update, and delete records. When we say “full edit access” we’re referring to editing code. What happens when the user views your app is up to you.