diff --git a/internal/bundle/bundles/uc_volume/template/databricks.yml.tmpl b/internal/bundle/bundles/uc_volume/template/databricks.yml.tmpl
index 9d377f8e7..d7f31439b 100644
--- a/internal/bundle/bundles/uc_volume/template/databricks.yml.tmpl
+++ b/internal/bundle/bundles/uc_volume/template/databricks.yml.tmpl
@@ -24,3 +24,8 @@ resources:
 schema_name: ${var.schema_name}
 volume_type: MANAGED
 comment: This volume was created from DABs.
+
+ grants:
+ - principal: account users
+ privileges:
+ - WRITE_VOLUME
diff --git a/internal/bundle/deploy_test.go b/internal/bundle/deploy_test.go
index 72ec7aafc..9399c648f 100644
--- a/internal/bundle/deploy_test.go
+++ b/internal/bundle/deploy_test.go
@@ -265,12 +265,20 @@ func TestAccDeployUcVolume(t *testing.T) {
 catalogName := "main"
 schemaName := "schema1-" + uniqueId
 volumeName := "my_volume"
- volume, err := w.Volumes.ReadByName(ctx, fmt.Sprintf("%s.%s.%s", catalogName, schemaName, volumeName))
+ fullName := fmt.Sprintf("%s.%s.%s", catalogName, schemaName, volumeName)
+ volume, err := w.Volumes.ReadByName(ctx, fullName)
 require.NoError(t, err)
 require.Equal(t, volume.Name, volumeName)
 require.Equal(t, catalogName, volume.CatalogName)
 require.Equal(t, schemaName, volume.SchemaName)
+ // Assert that the grants were successfully applied.
+ grants, err := w.Grants.GetBySecurableTypeAndFullName(ctx, catalog.SecurableTypeVolume, fullName)
+ require.NoError(t, err)
+ assert.Len(t, grants.PrivilegeAssignments, 1)
+ assert.Equal(t, "account users", grants.PrivilegeAssignments[0].Principal)
+ assert.Equal(t, []catalog.Privilege{catalog.PrivilegeWriteVolume}, grants.PrivilegeAssignments[0].Privileges)
+
 // Recreation of the volume without --auto-approve should fail since prompting is not possible
 t.Setenv("TERM", "dumb")
 t.Setenv("BUNDLE_ROOT", bundleRoot)
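Review bot: The new `grants` block in databricks.yml.tmpl gives `WRITE_VOLUME` to `account users`, i.e. every user in the account, and nothing in the template marks that breadth as acceptable only for a throwaway test volume. deploy_test.go creates this volume in the `main` catalog, so the grant is live for as long as an acceptance run (or a leaked fixture) exists. I would add a comment above the block such as `# Test fixture only: "account users" is every user in the account; real bundles should grant to a dedicated group.` If the test only needs some grant to round-trip, a narrower principal would presumably do, but the reason for this choice is not visible in the hunk.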
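Review bot: `assert.Len(t, grants.PrivilegeAssignments, 1)` in the first deploy_test.go hunk does not stop the test when it fails, so an empty grant list makes the following `grants.PrivilegeAssignments[0]` accesses panic with an index-out-of-range instead of reporting a clean assertion failure. Use `require.Len(t, grants.PrivilegeAssignments, 1)` here, and the same in the second hunk (`@@ -290,9 +298,17 @@`), where the check is repeated after the volume is recreated. TestAccDeployUcVolume starts and ends outside this hunk.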
@@ -290,9 +298,17 @@ volumes the upstream data in the cloud tenant is not affected:
 // Assert the volume is updated successfully
 schemaName = "schema2-" + uniqueId
- volume, err = w.Volumes.ReadByName(ctx, fmt.Sprintf("%s.%s.%s", catalogName, schemaName, volumeName))
+ fullName = fmt.Sprintf("%s.%s.%s", catalogName, schemaName, volumeName)
+ volume, err = w.Volumes.ReadByName(ctx, fullName)
 require.NoError(t, err)
 require.Equal(t, volume.Name, volumeName)
 require.Equal(t, catalogName, volume.CatalogName)
 require.Equal(t, schemaName, volume.SchemaName)
+
+ // assert that the grants were applied / retained on recreate.
+ grants, err = w.Grants.GetBySecurableTypeAndFullName(ctx, catalog.SecurableTypeVolume, fullName)
+ require.NoError(t, err)
+ assert.Len(t, grants.PrivilegeAssignments, 1)
+ assert.Equal(t, "account users", grants.PrivilegeAssignments[0].Principal)
+ assert.Equal(t, []catalog.Privilege{catalog.PrivilegeWriteVolume}, grants.PrivilegeAssignments[0].Privileges)
 }