Yes, it's pretty common not to provide direct access to production data in general.

In my experience, migrations are usually part of the code base, evaluated as such with PR and whatnot, and run automatically when deploying.

It depends on the size and context of the company, but I would not necessarily see this as a lack of trust.