added roleAssignment to fix missing IAM priv

deployifnotexists-policy-with-initiative-and-assignment/policyAssignment.bicep

@@ -27,4 +27,12 @@ resource bicepExampleAssignment 'Microsoft.Authorization/policyAssignments@2020-
       }
     ]
   }
+}
+
+resource roleAssignment 'Microsoft.Authorization/roleAssignments@2020-04-01-preview' = {
+  name: guid(bicepExampleAssignment.name, bicepExampleAssignment.type, subscription().subscriptionId)
+  properties: {
+    principalId: bicepExampleAssignment.identity.principalId
+    roleDefinitionId: '/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c' // contributor RBAC role for deployIfNotExists effect
+  }
 }

deployifnotexists-policy-with-initiative-and-assignment/policyAssignment.json

@@ -37,13 +37,25 @@
           }
         ]
       }
+    },
+    {
+      "type": "Microsoft.Authorization/roleAssignments",
+      "apiVersion": "2020-04-01-preview",
+      "name": "[guid('bicepExampleAssignment', 'Microsoft.Authorization/policyAssignments', subscription().subscriptionId)]",
+      "properties": {
+        "principalId": "[reference(subscriptionResourceId('Microsoft.Authorization/policyAssignments', 'bicepExampleAssignment'), '2020-09-01', 'full').identity.principalId]",
+        "roleDefinitionId": "/providers/microsoft.authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
+      },
+      "dependsOn": [
+        "[subscriptionResourceId('Microsoft.Authorization/policyAssignments', 'bicepExampleAssignment')]"
+      ]
     }
   ],
   "metadata": {
     "_generator": {
       "name": "bicep",
       "version": "0.3.1.62928",
-      "templateHash": "7870791294115762722"
+      "templateHash": "10825597900789147201"
     }
   }
 }