Hi @kvdmolen,
Welcome to Dgraph Community !!
No, DQL queries don’t respect the auth statements. This is the case because GraphQL and DQL operate at different levels.
In case of Slash, DQL endpoints are not openly accessible and a token is required to access them.
DQL does have ACLs to restrict User Access (https://dgraph.io/docs/enterprise-features/access-control-lists/), but its an enterprise feature.
Related Detailed Discuss Topic : DQL queries need to respect GraphQL @auth rules .