The ACL wiki page (https://cwiki.apache.org/qpid/acl.html) indicates by at least two examples, that group declarations can contain sub-groups. However, Qpid 0.16 does not (seem to) allow this.
For example, given the following ACL file (cut down from the example at https://cwiki.apache.org/qpid/acl.html#ACL-Examplefile%253A):
Qpid 0.16 gives the following error:
ACL format error: /home/paul/.qpidd/qpidd.acl:3: Line : 3, Username 'user-consume' must contain a realm
It appears that the broker is requiring user-consume to be a qualified user name such as user-consume@QPID and not realizing that it is a group name instead.