Resolved! ACL at field level
Hi I created this Read ACL on sys_user field email. I put a simple condition of if email does not contain @1234 then only sn_hr_core.case_writer role can read this field. However, it just hides it everywhere now, even if the condition is not met......