Initiative assignments doesn't assign role assignments

[audhage]

When assigning policy initiatives containing policies with DeployIfNotExists actions through blueprints, role assignments are not included.

This works fine when assigning individual policies.

The policy documentation states that using command-line approaches to assigning policies, the role assignments must be assigned as a post policy assignment task.
https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources

This is something that is already handled in blueprints for individual policies, but it seems not so for initiatives.

Is this a bug, missing feature, or expected behavior?

[alex-frankel]

This is a missing feature. The recommendation is to assign the policy initiative via ARM Template artifact and you can also do the role assignment in that template.