diff --git a/databricks-s3-volume/grants.tf b/databricks-s3-volume/grants.tf
index 363ba226..7575191b 100644
--- a/databricks-s3-volume/grants.tf
+++ b/databricks-s3-volume/grants.tf
@@ -1,5 +1,7 @@
 locals {
   # Only set the grant principals if the catalog and/or schema doesn't already exist
+  catalog_all_priv_grant_principals = var.create_catalog ? var.catalog_all_priv_grant_principals : []
+  catalog_all_priv_grant_principals = concat(local.catalog_all_priv_grant_principals, [var.owner])
   catalog_r_grant_principals = var.create_catalog ? var.catalog_r_grant_principals : []
   catalog_rw_grant_principals = var.create_catalog ? var.catalog_rw_grant_principals : []
   schema_r_grant_principals = var.create_schema ? var.schema_r_grant_principals : []
@@ -7,6 +9,16 @@ locals {
 }
 
 # catalog
+
+resource "databricks_grant" "catalog_all_privileges" {
+  depends_on = [databricks_catalog.volume[0]]
+  for_each = toset(local.catalog_all_priv_grant_principals)
+
+  catalog = local.catalog_name
+  principal = each.value
+  privileges = ["ALL_PRIVILEGES"]
+}
+
 resource "databricks_grant" "catalog_r" {
   depends_on = [databricks_catalog.volume[0]]
   for_each = toset(local.catalog_r_grant_principals)
@@ -64,7 +76,7 @@ resource "databricks_grant" "volume_r" {
   for_each = toset(var.volume_r_grant_principals)
   volume = databricks_volume.volume.id
   principal = each.value
-  privileges = ["READ_VOLUME", "READ_FILES"]
+  privileges = ["READ_VOLUME"]
 }
 
 resource "databricks_grant" "volume_rw" {
diff --git a/databricks-s3-volume/variables.tf b/databricks-s3-volume/variables.tf
index e48f8c3c..cae13b8e 100644
--- a/databricks-s3-volume/variables.tf
+++ b/databricks-s3-volume/variables.tf
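Review bot: `catalog_all_priv_grant_principals` is assigned twice inside the same `locals` block, which Terraform rejects as a duplicate local definition, and the second assignment also refers to itself through `local.catalog_all_priv_grant_principals`. Folding the two into one expression fixes both and keeps `var.owner` behind the `create_catalog` guard that the comment above promises: `catalog_all_priv_grant_principals = var.create_catalog ? concat(var.catalog_all_priv_grant_principals, [var.owner]) : []`. As written the owner entry is appended unconditionally, so the `catalog_all_privileges` grant introduced in the next hunk would be planned against a pre-existing catalog even when `create_catalog` is false, which is the case the comment says the module must not touch. The `locals` block continues past the end of this hunk.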
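Review bot: The new `catalog_all_privileges` resource grants the broadest possible catalog privilege with no comment explaining why `var.owner` is always among its principals or how it differs from the `catalog_r`/`catalog_rw` grants below, so a future maintainer has no cue that entries in `catalog_all_priv_grant_principals` deserve more scrutiny than the read-only lists. A header comment above the resource such as `# ALL_PRIVILEGES is the widest catalog grant; the principal set always includes var.owner (see locals), so additions to catalog_all_priv_grant_principals should be deliberate` would make that explicit. If `databricks_catalog.volume` already sets its owner to `var.owner`, the explicit grant to the owner is presumably redundant with the owner's implicit rights in Unity Catalog — worth confirming against that resource, which is outside this hunk. The `catalog_r` resource that begins at the end of this hunk continues outside it.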
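Review bot: The sibling `volume_rw` grant, whose `resource` line is the last line of this hunk and whose body lies outside it, likely carries the same file-level privilege names that this hunk removes from `volume_r`; if it still lists `READ_FILES`/`WRITE_FILES` it needs the same correction, since the privileges that apply to a Unity Catalog volume are `READ_VOLUME` and `WRITE_VOLUME` while the `*_FILES` privileges belong to external locations. A one-line comment above `privileges` would keep the file-level names from being re-added later: `# volumes take READ_VOLUME/WRITE_VOLUME; READ_FILES/WRITE_FILES apply to external locations, not volumes`.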
@@ -70,6 +70,12 @@ variable "bucket_object_ownership" {
   }
 }
 
+variable "catalog_all_priv_grant_principals" {
+  description = "(Optional) Databricks groups to grant all-privileges permission to on the catalog. Owner is included"
+  type = list(string)
+  default = []
+}
+
 variable "catalog_r_grant_principals" {
   description = "(Optional) Databricks groups to grant read-only permissions to on the catalog"
   type = list(string)
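Review bot: The description's trailing "Owner is included" reads as if callers must list the owner in this variable, whereas the grant logic in grants.tf appends `var.owner` itself, and it omits that the grant only applies when the module creates the catalog. Suggested wording: `description = "(Optional) Additional Databricks principals granted ALL_PRIVILEGES on the catalog when this module creates it; var.owner is added automatically and need not be listed"`. Naming the privilege level in the description also helps reviewers of module inputs recognise that this list is far broader than the read-only and read-write lists that follow it.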