When a server’s authorization parameter is enabled, other servers that actively connect to it must authenticate themselves by name and password, or by X.509 certificate.
In Figure 38, servers A and B both configure active routes to one another.
For example, in Figure 38, you don’t need an ACL for messages to flow from A (where a producer is sending to) to B (where a consumer is consuming from) because B has authorization turned off and messages are being sent to and consumed from queues. However, if messages were to flow from B to A (producer connects to B and consumer connects to A), then server A's ACL should grant user B
send permission on the queue Q2.
If we were to use topics in this example, then for messages to flow from A to B, you would need A to grant B the subscribe and
durable permission on the topic (
global on both servers). And for messages to flow from B to A, you would have to grant topic B
publish permission on the topic.