Hi,
Even you don't assign read permission to the users directly, they have read and apply permission , since users are in the authenticated user group.And all the authenticated uses have read and apply permissions on the GPOs by default.
If you deny the read permission to the specific users, the users won't be able to read the GPO settings.The group policy management console was as following screenshot showing: