Can Dgraph provide unified auth?

Hi.I know in alpha,I can set “auth_token” param for alter request.but have no auth method for query and mutation.I think it has safety problem.for example,I have a prod env for business. it means if anyone get alpha address,I can do any query and mutation on my data without is too bad.

I think this is the same case bellow

This is probably a case for ACL.