Azure / azure-blueprints

A library of sample Blueprints that can be easily imported via API or PowerShell
MIT License
258 stars 150 forks

Initiative assignments doesn't assign role assignments #39

Open audhage opened 4 years ago

audhage commented 4 years ago

When assigning policy initiatives containing policies with DeployIfNotExists actions through blueprints, role assignments are not included.

This works fine when assigning individual policies.

The policy documentation states that when using command-line approaches to assign policies, the role assignments must be assigned as a post-policy-assignment task. https://docs.microsoft.com/en-us/azure/governance/policy/how-to/remediate-resources

This is something that is already handled in blueprints for individual policies, but it seems not so for initiatives.

Is this a bug, missing feature, or expected behavior?

alex-frankel commented 4 years ago

This is a missing feature. The recommendation is to assign the policy initiative via an ARM Template artifact, and you can also do the role assignment in that template.
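
The workaround described in the reply above, sketched as a subscription-scope ARM template; this is an added example, not code from this repository or from either commenter. It assigns an initiative with a system-assigned managed identity and then grants that identity the role its DeployIfNotExists policies need. Assumptions: the parameter names, the assignment name `dine-initiative-assignment`, and the API versions are illustrative; `roleDefinitionGuid` must be the role listed in the policies' own `roleDefinitionIds`, so the identity gets no more access than remediation requires.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2018-05-01/subscriptionDeploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "initiativeId": {
      "type": "string",
      "metadata": { "description": "Assumed input: resource ID of the policy set definition to assign" }
    },
    "roleDefinitionGuid": {
      "type": "string",
      "metadata": { "description": "Assumed input: GUID of the role named in the policies' roleDefinitionIds" }
    },
    "location": {
      "type": "string",
      "defaultValue": "[deployment().location]",
      "metadata": { "description": "Region that hosts the assignment's managed identity" }
    }
  },
  "variables": {
    "assignmentName": "dine-initiative-assignment",
    "assignmentId": "[subscriptionResourceId('Microsoft.Authorization/policyAssignments', 'dine-initiative-assignment')]"
  },
  "resources": [
    {
      "type": "Microsoft.Authorization/policyAssignments",
      "apiVersion": "2019-09-01",
      "name": "[variables('assignmentName')]",
      "location": "[parameters('location')]",
      "identity": { "type": "SystemAssigned" },
      "properties": {
        "displayName": "Initiative with DeployIfNotExists policies (example)",
        "policyDefinitionId": "[parameters('initiativeId')]",
        "scope": "[subscription().id]"
      }
    },
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2020-04-01-preview",
      "name": "[guid(subscription().id, variables('assignmentName'), parameters('roleDefinitionGuid'))]",
      "dependsOn": [ "[variables('assignmentId')]" ],
      "properties": {
        "roleDefinitionId": "[subscriptionResourceId('Microsoft.Authorization/roleDefinitions', parameters('roleDefinitionGuid'))]",
        "principalId": "[reference(variables('assignmentId'), '2019-09-01', 'full').identity.principalId]",
        "principalType": "ServicePrincipal"
      }
    }
  ]
}
```

If the initiative's policies list more than one role, add one `roleAssignments` resource per role rather than substituting a single broader role.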