Dynamic Data Masking Policy

Claro stores user email addresses in the CORE.USERS table. For compliance reasons, emails must be fully visible only to users with the ANALYST_ROLE - all other roles should see a masked value like ****@****.com. The data team is writing a dynamic data masking policy to enforce this at the column level.

Which masking policy definition correctly implements this requirement?