Policy Assignment and managed identity

Hi everyone

My assignment looks like this:

```hcl
resource "azurerm_policy_assignment" "AssRGTags" {
  name                 = "AssRGTags"
  scope                = azurerm_management_group.mymanagementgroup.id
  policy_definition_id = azurerm_policy_set_definition.level01RGTagsHeredity.id
  description          = "Policy Assignment RG Tag Heredity"
  display_name         = "AssRGTagsHeredityDevInt"
  location             = "westeurope"

  parameters = <<PARAMETERS
    {  }
PARAMETERS

  depends_on = [azurerm_policy_set_definition.level01RGTagsHeredity]

  # System-assigned managed identity that remediation tasks run as
  identity {
    type = "SystemAssigned"
  }
}
```


The definition and the assignment look very good, but if I try to start a "Remediation Task", the following error message appears:

The managed identity for this assignment does not have the appropriate permissions to remediate these resources. To add these permissions, go to the Edit Assignment page for this Policy and re-save it.

How can I deploy an assignment with the proper permissions set?

Thanks for any ideas …
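
The portal grants the assignment's managed identity its roles when the assignment is saved there; an assignment deployed with Terraform gets the identity but no role assignment, which is what the error message reports. The following is an added example, not part of the original post: it grants the identity a role at the assignment scope. The resource name `AssRGTagsRemediation`, the local `remediation_roles` and the choice of the `Contributor` role are assumptions; use only the roles that the policy definitions list under `roleDefinitionIds`.

```hcl
# Added example; relies on azurerm_policy_assignment.AssRGTags and
# azurerm_management_group.mymanagementgroup from the post above.

locals {
  # Assumption: the definitions in the policy set declare the built-in
  # "Contributor" role in then.details.roleDefinitionIds. Replace this list
  # with the role(s) the definitions actually declare, and nothing broader.
  remediation_roles = ["Contributor"]
}

# One role assignment per required role, bound to the system-assigned
# identity that Azure created for the policy assignment.
resource "azurerm_role_assignment" "AssRGTagsRemediation" {
  for_each = toset(local.remediation_roles)

  # Same scope as the policy assignment, so the identity can remediate
  # everything the assignment covers and nothing outside it.
  scope                = azurerm_management_group.mymanagementgroup.id
  role_definition_name = each.value
  principal_id         = azurerm_policy_assignment.AssRGTags.identity[0].principal_id

  # The identity is created in the same apply; skip the directory lookup
  # that can fail while the new service principal is still replicating.
  skip_service_principal_aad_check = true
}
```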