Zone Production includes:
Services: cm_hive, cm_tag
Resources: Hive table retail_demo.customers in cm_hive
Tag-based masking policy (#43): EMAIL_PII, group=public, access=select, maskType=nullify
Tag-based masking policy (#44): EMAIL_PII, group=public, access=select, maskType=hash
Column retail_demo.customers.customer_email is tagged with EMAIL_PII
When retail_demo.customers.customer_email is accessed, audit log indicates that access is granted by policy from Production zone, but masking is done by policy from unzoned(default) zone. Masking should be done by policy in the Production zone too.