Removing specific entries from a device group object attribute from the CLI in PAN-OS from Panorama does not delete the whole attribute

• On any Panorama, deleting from CLI one device-group from a FW that only has vsys1 only removes vsys1 but there is a line with no vsys which remains in the DG and makes the configuration to be pushed to that device if not manually deselected

• Panorama CLI command to delete specific vsys: 

delete device-group <device group name> devices <serial number> vsys <vsys name>

• After running the aforementioned CLI command it is still possible to see an entry for a vsys with no name or number:

admin@Panorama# show device-group <device-group name> | match vsys
set device-group <device-group name> devices <serial number> vsys 

• Any PAN-OS
• Panorama

• Behaviour is working as intended and actually not limited to vsys only, the same can be applied to other objects like for instance with address and address-object configuration attributes 
• If an object name "sampleAddress" is created with a tag "IPC-082", before deleting such tag would like as follows:

sampleAddress {
               description "checking for behaviour";
              tag IPC-082;
            }
         }

• After manually deleting the tag "IPC-082":

 sampleAddress {
               description "checking for behaviour";
              tag;
            }
          }

• As per the example tag is not getting removed, in order to do so, it is necessary to delete the whole address [sampleAddress] 

1. To remove the whole device group for that serial number:

admin@Panorama#  delete device-group <device-group name> devices <serial number>