I am uncomfortable with solutions that would make privileged access to the database complex. For instance, a common pattern with Elasticsearch is setting up a privileged ingestion pipeline that collects data from many places, and puts it in specific indices. Users may have read access as necessary, but this does not match the ingestion permissions.
My stateless ingestion into dgraph would have to run Login() to every namespace it accessed and track separately the token to that namespace - even though it is a user I wish to write across many namespaces. Similarly, my stateless API accessing many customers namespaces on their behalf would have to run Login() on possibly every call, even though it is a privileged user that needs to read all namespaces.
This design seems to be ideal for exposing the database on the internet to many users, which I understand is what dgraph is doing with the SaaS offering currently. However, I would never expose the database directly to the user in an application where the database is not the whole product.