Where is the default Dgraph admin user?

How can i prevent access to my Dgraph instance. Since ratel allows access to any Dgraph instance on the internet using the “Enter Dgraph server URL:” field. Anyone who knows my URL will have full access to my Dgraph instance which is not what we want of course. Every Web Application on the internet has at least 1 admin user with a password. DGraph does not? Even WordPress has a default
admin user. Neo4j/MySQL also has a default root/admin login/password. Am I missing something?

From Slack:

You can put Dgraph behind a API (Or even a GraphQL API). Or when it ready, use ACL.