The Broker-J's access-control-plugin currently has no way to express rules that apply to subject that owns an object. For instance, it is impossible to say that only a user can consume from any queue that he created.
If the ACL system supported a pseudo subject OWNER (in additional to the pseudo subject ALL it already supports), then it would be possible to write such rules.
It is noted that currently the model does not a have notion of object ownership (QPID-8162). It does have an immutable createdBy attribute. The first version of this feature will use createdBy.