A Power BI admin applies the Azure Policy shown in the exhibit. What is the effect of this policy?
The condition allows only the finance workspace.
Why this answer
The Azure Policy in the exhibit is configured to deny the 'Read' permission on datasets for all users except those in the 'finance' workspace. This means only users who are members of the finance workspace can read datasets, while all other users are denied read access. Therefore, option D is correct because it accurately describes that only users in the finance workspace can read datasets.
Exam trap
The trap here is that candidates often misinterpret the deny effect as a blanket denial for all users, overlooking the exclusion condition that allows specific users (finance workspace) to read datasets.
How to eliminate wrong answers
Option A is wrong because the policy does not deny read access to all datasets; it specifically allows read access for users in the finance workspace. Option B is wrong because the policy does not restrict reading datasets in the finance workspace; it actually permits it for finance workspace users. Option C is wrong because the policy denies read access to datasets for all users except those in the finance workspace, so not all users can read datasets in all workspaces.